Help with grok pattern

Rahul_A · May 7, 2021, 2:15am

Hi friends,

I'm a newbie with grok filter and need help parsing the log message.

Here is my log message:
2016-07-11T23:56:42.000+00:00 INFO ALERT|ECE002|5 Error with transaction for session -464410bf-37bf-475a-afc0-498e0199f008

I'm able to parse the message with following pattern:
%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level} %{GREEDYDATA:message}

I need to parse ALERT|ECE002|5 from message and get the value ECE002 from the message.

Is there a way to achieve that?

Cheers!

lachlan.simpson · May 7, 2021, 6:32am

I would suggest using csv with source => "message" and separator => "|"

system · June 4, 2021, 6:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Request help with a grok filter pattern for date Logstash	3	542	July 6, 2017
Grok pattern Logstash	3	254	November 10, 2021
Need grok pattern for logstash Logstash	7	442	June 29, 2022
Grok Pattern Help with message parsing Logstash	5	1450	July 6, 2017
Having problems parsing data Logstash	4	305	February 18, 2021

Help with grok pattern

Related topics