hagaluly
September 24, 2021, 9:59pm
1
i have a log that looks like this
BUILD_DISPLAY_NAME=#998
BUILD_NUMBER=998
JENKINS_URL=https:///jenkins.com
BUILD_ID=998
DEVICE_CRED_PSW=pass
GIT_PREVIOUS_SUCCESSFUL_COMMIT=f847h56934875f6239487562j3498
JOB_BASE_NAME=master
i have this configuration within my logstash
input {
file {
mode => "read"
exit_after_read => true
path => "/data/envVar_regression_builds_210913_135255.log"
start_position => "beginning"
file_chunk_size => 1000000
file_completed_action => "log"
file_completed_log_path => "/var/lib/logstash/logged_file.list"
sincedb_path => "/dev/null"
#ignore_older => "10 m"
}
}
output {
stdout { codec => rubydebug { metadata => true } }
}
how can i grab each string (like BUILD_ID=) and parse it via grok so i can filter its results?
hagaluly
September 24, 2021, 10:12pm
2
tried this without success
filter {
grok {
match => {
"message" => "BUILD_NUMBER= %{NUMBER:build_number}"
}
}
}
Badger
September 24, 2021, 11:30pm
3
I would break_on_match => false and an array of patterns. Like this .
Your example grok does not match because it expects a space after the =
hagaluly
September 25, 2021, 7:25am
4
still not working
input {
file {
mode => "read"
exit_after_read => true
path => "/data/envVar_regression_builds_210913_135255.log"
start_position => "beginning"
file_chunk_size => 1000000
file_completed_action => "log"
file_completed_log_path => "/var/lib/logstash/logged_file.list"
sincedb_path => "/dev/null"
#ignore_older => "10 m"
}
}
filter {
grok {
break_on_match => false
match => {
"message" => [
"BUILD_NUMBER=%{NUMBER:build_number}"
]
}
}
}
output {
#elasticsearch {
# hosts => ["10.56.10.152:9200"]
# index => "jenkins_env_vars"
#}
stdout { codec => rubydebug { metadata => true } }
}
system
October 29, 2021, 9:58pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.