I have applied grokpattern to parsed logs,but it happens at kibana that some logs are parsed and some are unparsed while unparsed message is same for both,Kindly help me to find out the issue.
sample of parsed and unparsed message is attached.
grok pattern is:
`%{DATA:message_code}: %{DATA:description} %{INT:sequence_no}.*:%{IP:source.ip}/%{INT:source.port}\(LOCAL\\%{DATA:username}\).*:%{IP:destination.ip}/%{INT:destination.port}.*%{TIME:duration}.* %{NUMBER:bytes}"
Hello @Priyanka_chauhan
You can try this below grok pattern which is working for both of the above mentioned patterns
%{DATA:message_code}: %{DATA:description} %{INT:sequence_no} for %{DATA:source_mode}:%{IP:source_ip}/%{INT:source_port}\(LOCAL\\%{GREEDYDATA:source_username}\) to %{DATA:destination_mode}:%{IP:destination_ip}/%{INT:destination_port} duration %{TIME:duration} bytes %{NUMBER:bytes} \(%{GREEDYDATA:dest_username}\)
Keep Posted!!! Thanks !!!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.