Help with the grok filter on the custom application log

email2vimalraj · December 18, 2018, 8:14am

Hi,

I'm getting logs like this:

2018-12-17 15:10:58,806 INFO   AS="234_sample-app" REQ="1234" com.example.Event - COMP="my-sample-app" Status=200

Sometimes like this also:

2018-12-17 15:10:58,806 INFO   AS="" REQ="" com.example.Event - COMP="my-sample-app"

If you notice, the fields AS and REQ are empty in the 2nd log and no Status field. I'm not sure on how to come up with grok filter for this kind of pattern. I've to make the Status field optional, but should be aggregated in Elastic Search.

system · January 15, 2019, 8:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter file don't work Logstash	4	568	November 21, 2017
Parse apache access log all the fields and draw the graph using status/response Logstash	2	312	April 19, 2019
Filter for When Log changes Slightly Logstash	2	261	April 21, 2021
Logstash GROK filter query Logstash	8	2079	May 16, 2017
Logstash: Optional fields in grok Logstash	3	408	January 4, 2023

Help with the grok filter on the custom application log

Related topics