Greetings everyone,
I'm pretty new to the whole ELK stack, so please excuse me if this seems like a noob question.
I am trying to match the following log message:
frost: (Total of 4 licenses issued; Total of 0 licenses in use)
Using the following grok pattern:
%{WORD:program_name}: (Total of %{BASE10NUM:licenses_total:int} licenses issued; Total of %{BASE10NUM:licenses_in_use:int} licenses in use)
I've tested the pattern with 3 different debuggers and according to them it should be fine. Unfortunately, I get _grokparsefailure.
Could you please help?
best,
Lyubo
Badger
February 21, 2019, 2:47pm
Parentheses have meaning in regular expressions (they define capture groups), so you need to escape them.
"%{WORD:program_name}: \(Total of %{BASE10NUM:licenses_total:int} licenses issued; Total of %{BASE10NUM:licenses_in_use:int} licenses in use\)"
Hello Badger... they are escaped... for some reason when I pasted the line it was not posted correctly, but the line is:
"%{WORD:program_name}: \(Total of %{BASE10NUM:licenses_total:int} licenses issued; Total of %{BASE10NUM:licenses_in_use:int} licenses in use\)"
Sorry about the confusion
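The effect of unescaped parentheses described in Badger's reply, as an added Ruby example that is not part of the original thread and is not Logstash's own code. `compile_grok` and `grok` are hypothetical helpers, and the WORD and BASE10NUM definitions are simplified stand-ins for the stock grok patterns; the log line and both patterns are the ones quoted in the thread.

```ruby
# Minimal grok-to-regex expansion for illustration (not Logstash's implementation).
# Simplified stand-ins for the stock WORD and BASE10NUM sub-patterns (assumption).
GROK_SUBPATTERNS = {
  'WORD'      => '\b\w+\b',
  'BASE10NUM' => '[+-]?(?:\d+(?:\.\d+)?|\.\d+)'
}.freeze

# Expand %{NAME:field[:type]} references into named capture groups.
# Returns the compiled Regexp and a field => type map used for coercion.
def compile_grok(pattern)
  types = {}
  source = pattern.gsub(/%\{(\w+):(\w+)(?::(\w+))?\}/) do
    name, field, type = $1, $2, $3
    sub = GROK_SUBPATTERNS.fetch(name) { raise ArgumentError, "unknown pattern #{name}" }
    types[field] = type
    "(?<#{field}>#{sub})"
  end
  [Regexp.new(source), types]
end

# Returns a hash of extracted fields, or a _grokparsefailure tag when nothing matches.
def grok(pattern, line)
  regex, types = compile_grok(pattern)
  m = regex.match(line)
  return { 'tags' => ['_grokparsefailure'] } unless m
  m.named_captures.each_with_object({}) do |(field, value), event|
    event[field] = types[field] == 'int' ? value.to_i : value
  end
end

LINE = 'frost: (Total of 4 licenses issued; Total of 0 licenses in use)'

# Bare ( ) are regex grouping, so this pattern expects "frost: Total of ..."
# with no literal parenthesis in the input.
UNESCAPED = '%{WORD:program_name}: (Total of %{BASE10NUM:licenses_total:int} licenses issued; ' \
            'Total of %{BASE10NUM:licenses_in_use:int} licenses in use)'
# \( and \) match the literal parentheses present in the log line.
ESCAPED   = '%{WORD:program_name}: \(Total of %{BASE10NUM:licenses_total:int} licenses issued; ' \
            'Total of %{BASE10NUM:licenses_in_use:int} licenses in use\)'

p grok(UNESCAPED, LINE)
p grok(ESCAPED, LINE)
```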