Help with a grok pattern

simonrisberg · August 27, 2015, 8:14am

Hi!

I tried your second solution but apparently it doesn't make a field out of it. Is there something I have missed?

filter {

   grok {

     type => "nexus-log"
     break_on_match => false

     match => [
        "message", "\b\w+\b\s/nexus/content/repositories/(?<repositories>[^/]+)",
        "message", "(?<mytimestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE})",
        "message", "(%{WORD:requesttype reps}) /nexus/content/repositories/",
        "message", "(%{WORD:requesttype groups}) /nexus/content/groups/public/com/jeppesen/jcms/",
        "message", "\b\w+\b\s/nexus/content/repositories/jts-development/(?<repofile>.*\.pom)$",
        "message", "\b\w+\b\s/nexus/content/groups/public/com/jeppesen/jcms/(?<groups>[^/]+)"
      ]
   }
   date{
      match => ["mytimestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
      remove_field => ["mytimestamp"]
   }

}

Topic		Replies	Views
Take out bits of a URIPATH in Logstash Logstash	21	4979	July 6, 2017
Split grok pattern Logstash	3	2922	July 6, 2017
Grok URI extract Logstash	7	28749	July 6, 2017
Regular expression problem Logstash	12	2515	July 6, 2017
Grok filter logstash config Logstash	7	1434	July 6, 2017

Help with a grok pattern

Related topics