Help with the grok filter on the custom application log

email2vimalraj · December 18, 2018, 8:14am

Hi,

I'm getting logs like this:

2018-12-17 15:10:58,806 INFO   AS="234_sample-app" REQ="1234" com.example.Event - COMP="my-sample-app" Status=200

Sometimes like this also:

2018-12-17 15:10:58,806 INFO   AS="" REQ="" com.example.Event - COMP="my-sample-app"

If you notice, the fields AS and REQ are empty in the 2nd log and no Status field. I'm not sure on how to come up with grok filter for this kind of pattern. I've to make the Status field optional, but should be aggregated in Elastic Search.

system · January 15, 2019, 8:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.