Help on Filters

Sridhar · February 9, 2018, 1:14pm

Hi All,

Need help to create a logstash filter for the below log format.

router#001(26322) 2018/02/09 00:00:17 -FKSPT- {2:2} Read from QMGR:INPUT_IN[wmqin(srid)] <Message(candidate => unknown, id => (2)"-1", userref => (13)"1830300016.01", reference => (12)"MM1801506848", relatedref => (16)"BALAL2L0000RAMAN2L", message_id => (20)"20180209MM1801506848", system_id => (29)"TNV20180209000017-24761-26322")>

I want the to insert to elasticsearch as below

"router" : "router#002(99253)",
"INTIME" : "2018/02/09 00:00:17"
"level" : "-FKSPT-"
"INMSG" : "Read from QMGR:INPUT_IN[wmqin(srid)]"
"MSGID" : "20180209MM1801506848"
"SYSID" : "TNV20180209000017-24761-26322"

Please help me to get the grok code for the above log format... Thanks,

system · March 9, 2018, 1:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.