Hi here !
I have multiple formats in one file to grok.Below is the one type of data
2017-03-23 08:51:43,088 INFO [ActiveMQ Session Task-142] INVOICE02-SAP Vendor Number: SAP Vendor Number Query Result [{DUNS_ID=750944209, SAP_VENDOR_NUMBER=301183}]
Which is running fine with the below grok
%{TIMESTAMP_ISO8601:coffii_timestamp}\s*%{LOGLEVEL:logtype}\s*[%{DATA:task_descriptor}?]\s*%{GREEDYDATA:coffii_message}
But when I run on this format of data
2017-03-23 08:51:42,913 INFO [[order-processing-1.0.9.1-v20150131-00+20].Vendor-Email-Flow.stage1.32] org.mule.api.processor.LoggerMessageProcessor:
the task_descriptor is not getting proper value. it returns "[order-processing-1.0.9.1-v20150131-00+20" but I need it to return "[[order-processing-1.0.9.1-v20150131-00+20].Vendor-Email-Flow.stage1.32]"
If i changed DATA:task_descriptor to GREEDYDATA:task_descriptor as shown below
%{TIMESTAMP_ISO8601:coffii_timestamp}\s*%{LOGLEVEL:logtype}\s*[%{GREEDYDATA:task_descriptor}?]\s*%{GREEDYDATA:coffii_message}
then above issue is resolved but first format of data is not coming through properly. Everything after the "INFO" field ends up the task_descriptor field, instead of just the "[ActiveMQ Session Task-142]" piece.
Kindly advise.
Tested above on "https://grokdebug.herokuapp.com/"