Help with using Grok to parse these three log formats

Badger · April 1, 2023, 11:29pm

Don't try to match the entire line with a pattern. Just pull out the fields you need

    grok {
        break_on_match => false
        match => {
            "message" => [
                "account=(?<account>[^;]*);",
                "DeviceType=%{WORD:deviceType}",
                "\[ip=%{IPV4:ip}",
                "oip=%{IPV4:oip}",
                "protocol=%{WORD:protocol}"
            ]
        }
    }

Topic		Replies	Views
Help with this grok Logstash	2	179	May 10, 2023
Need Help Groking Logstash	3	304	March 31, 2020
Need help with grok filtering Logstash	16	492	September 5, 2018
Struggling with Grok/Dissect Logstash	2	273	October 24, 2019
How to match more formats by dissect Logstash	4	419	April 22, 2018

Help with using Grok to parse these three log formats

Related topics