_grokparsefailure exception with custom pattern

Hi,

I am newbie and trying to add a field as "cid" in with my logs based on this pattern

2018-03-14 22:26:57.268 INFO 22996 --- [nio-8090-exec-2] com.example.ms1.service.ValidatorImpl : validation completed with cid: ms1-0-8a7e131b-1730-45f2-a72d-c2bc7cba4b93
2018-03-14 22:26:57.470 INFO 22996 --- [nio-8090-exec-2] com.example.ms1.service.ProcessorImpl : processing completed with cid: ms1-0-8a7e131b-1730-45f2-a72d-c2bc7cba4b93

I have created a file for my custom pattern named as "CORRELATIONID [A-Fa-f0-9]{3}-[0-9]{1}-[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}" and I am using this grok

grok {
patterns_dir => ["C:/Users/Venturedive/Desktop/custom-pattern"]
match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} *%{LOGLEVEL:level} %{CORRELATIONID:cid}"}
}

can anyone help?

The first two characters of the correlation id are m and s, which are not in the range a-f. This matches

input { generator { message => 'ms1-0-8a7e131b-1730-45f2-a72d-c2bc7cba4b93' count => 1 } }
output { stdout { codec => rubydebug } }
filter {
  grok { match => [ "message", "(?[A-Fa-s0-9]{3}-[0-9]{1}-[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})" ] }
}

Thanks for your reply, I have updated my grok like this
grok {
match => [ "message", "(?[A-Za-z0-9]{3}-[0-9]{1}-[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})" ]
}

since first two letters can be from a to z, but now it is giving me regex error

regex%20error1311×549 39.8 KB

Cool it worked, just modified my grok like this
grok {
match => [ "message", "(?[A-Za-z0-9]{3}-[0-9]{1}-[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})" ]
}

thanks badger

Sorry, I didn't escape the < and >, so it ate the name

grok { match => [ "message", "(?<cid>[A-Za-z0-9]{3}-[0-9]{1}-[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})" ] }

yeah I did the same and it was perfect (y)

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.