Help with the grok filter on the custom application log

email2vimalraj · December 18, 2018, 8:14am

Hi,

I'm getting logs like this:

2018-12-17 15:10:58,806 INFO   AS="234_sample-app" REQ="1234" com.example.Event - COMP="my-sample-app" Status=200

Sometimes like this also:

2018-12-17 15:10:58,806 INFO   AS="" REQ="" com.example.Event - COMP="my-sample-app"

If you notice, the fields AS and REQ are empty in the 2nd log and no Status field. I'm not sure on how to come up with grok filter for this kind of pattern. I've to make the Status field optional, but should be aggregated in Elastic Search.

system · January 15, 2019, 8:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue with custom parsing in grok filter Logstash	3	320	May 8, 2019
Filter for When Log changes Slightly Logstash	2	246	April 21, 2021
Can't Get Custom Grok Filter To Work Logstash	2	326	August 1, 2018
Logstash Grok problem Logstash	1	345	January 2, 2020
Logstash Grok Filter Issue Logstash	2	656	April 14, 2017

Help with the grok filter on the custom application log

Related topics