I have the following log...
2017-03-27 14:24:50,607 DEBUG :Finalizer thread [com.company.classname]
...and the following filter
filter {
grok {
match => {
"message" => [
"%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}:%{HELP_WITH_PATTERN:thread}"
]
}
}
}
What should "HELP_WITH_PATTERN" be so I get thread => "Finalizer thread"
you could also create your own pattern:
NOTBRACKET [^[]+
Then call that:
%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}:%{NOTBRACKET:thread}${GREEDYDATA:theRest}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.