Help with grok pattern

Rahul_A · May 7, 2021, 2:15am

Hi friends,

I'm a newbie with grok filter and need help parsing the log message.

Here is my log message:
2016-07-11T23:56:42.000+00:00 INFO ALERT|ECE002|5 Error with transaction for session -464410bf-37bf-475a-afc0-498e0199f008

I'm able to parse the message with following pattern:
%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level} %{GREEDYDATA:message}

I need to parse ALERT|ECE002|5 from message and get the value ECE002 from the message.

Is there a way to achieve that?

Cheers!

lachlan.simpson · May 7, 2021, 6:32am

I would suggest using csv with source => "message" and separator => "|"

system · June 4, 2021, 6:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to extract data from this pattern, with grok filter its not working Logstash	2	373	October 15, 2018
Failed to filter using following grok pattern Logstash	3	249	August 9, 2022
Can anyone please help me how can i parse this firewall log? Logstash	10	449	July 24, 2019
GROK pattern for syslogs Logstash	4	7085	October 13, 2021
I need to parse this log message format Logstash	11	2423	April 2, 2019

Help with grok pattern

Related Topics