How to fetch specific data from message text and add it in new field

Ani · January 10, 2019, 10:27am

We are using this below grok pattern :

grok {
match => {
message => "^%{TIMESTAMP_ISO8601:timestamp_match}\s*%{WORD:system}\s*%{LOGLEVEL:loglevel}\s*%{SYSLOGHOST:session_id}\s*%{SYSLOGHOST:req_id}\s*%{WORD:user}\s*%{WORD:channel}\s*-\s*%{USERNAME:rqrs}\s*%{GREEDYDATA:message_text}\s*"

Log: 2019-01-10T12:50:00,362 system INFO 187b2850-14bd-11e9-be75-0a0484180000 187b2648-14bd-11e9-be75-0a0484180000 System system - REQUEST {method=GET, path=/LCLG/lclg/pending-activation-status, headers={SOAPAction="", requestId=187b2648-14bd-11e9-be75-0a0484180000, Connection=Keep-Alive, Host=...153:30**, sessionId=187b2850-14bd-11e9-be75-0a0484180000, userName=Syst

We need to fetch path (path=/LCLG/lclg/pending-activation-status) from messege_text field (messege_text field created in Grok Pateern) and add it in a new field "path" .

system · February 7, 2019, 10:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.