Help with grok pattern for logs parsen in logstash

bab · October 24, 2018, 1:48pm

Hey all,
i have a problem with my grok pattern i have 2 type of logs with have one different and if i create two grok matches with the patterns (all similar until LOGLEVEL pattern) look below:
my logs

[9/16/18 19:58:29:827 CEST] 0000006e SystemOut O CIWEB Warn : [ls94mn(unknown) @ 10.16.60.8] de.abc.response.ImportContactsChoiceList.executeFilter() User with bensl=g5082 not found.
[9/16/18 20:28:53:225 CEST] 000004cc SystemOut O CIWEB Error: [mfbr8qv(unknown) @ 10.16.60.8] com.ibm.ecm.struts.actions.p8.P8RetrieveItemsAction.executeAction()

my grok matches:

grok {
  break_on_match => false
   match => [ "message","%{DATESTAMP:time} %{NOTSPACE} %{NOTSPACE:thread} %{WORD:log-source} [ ]* %{NOTSPACE:sev} %{NOTSPACE:module} %{LOGLEVEL:log-level} \: %{GREEDYDATA:msg}" ]
   match => [ "message","%{DATESTAMP:time} %{NOTSPACE} %{NOTSPACE:thread} %{WORD:log-source} [ ]* %{NOTSPACE:sev} %{NOTSPACE:module} %{LOGLEVEL:log-level}\: %{GREEDYDATA:msg}" ]
 }

If I use this Grok with both matches, the filter only takes the error LogLevel.

please help in that, thank you all

system · November 21, 2018, 1:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash 8.1 multiple patterns Logstash	2	160	December 22, 2023
Logstash Grok pattern match issue Logstash	4	432	September 24, 2021
Logstash - Multiple grok pattern not working together Logstash	4	818	June 18, 2019
Help with grok pattern Logstash	2	231	June 4, 2021
Grok filter 2 different logs Logstash	6	1340	July 6, 2017

Help with grok pattern for logs parsen in logstash

Related topics