Help with grok pattern

Rahul_A · May 7, 2021, 2:15am

Hi friends,

I'm a newbie with grok filter and need help parsing the log message.

Here is my log message:
2016-07-11T23:56:42.000+00:00 INFO ALERT|ECE002|5 Error with transaction for session -464410bf-37bf-475a-afc0-498e0199f008

I'm able to parse the message with following pattern:
%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level} %{GREEDYDATA:message}

I need to parse ALERT|ECE002|5 from message and get the value ECE002 from the message.

Is there a way to achieve that?

Cheers!

lachlan.simpson · May 7, 2021, 6:32am

I would suggest using csv with source => "message" and separator => "|"

system · June 4, 2021, 6:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.