Hi, I am using grok filter to find match, lines in "message",But i not getting how to get that lines from "message".
Here is my filter
grok
{
match => { logs => "dhd_check_hang: Event HANG send up due to"}
}
And here is input
rxctl: rxcnt_timeout=5, rxlen=0
15119.753889] [] (kthread+0xe0/0xe4) from [] (ret_from_fork+0x14/0x20)
15119.753889] dhd_bus_rxctl: rxcnt_timeout=5, rxlen=0
15119.753889] dhd_bus_rxctl: rxcnt_timeout=5, rxlen=0
15119.753889] dhd_bus_rxctl: rxcnt_timeout=5, rxlen=0
15119.753889] dhd_bus_rxctl: rxcnt_timeout=5, rxlen=0
[15119.753902] Dhd_check_hang: Event HANG send up due to re=5 te=0 e=-110 s=2
[15119.753917] Dhd_check_hang: Event HANG send up due to re=5 te=0 e=-110 s=2
[15119.753937] Dhd_prot_ioctl : bus is down. we have nothing to do
[15119.791431] [] (schedule_timeout+0x158/0x25c) from [] (0xea1e0000)
[15119.799331] kworker/3:2 R running 0 29597 2 0x00000000
[15119.805699] [] (__schedule+0x3d0/0x8a4) from [] (worker_thread+0x1fc/0x3dc)
[15119.814384] [] (worker_thread+0x1fc/0x3dc) from [] (kthread+0xe0/0xe4)
[15119.822637] [] (kthread+0xe0/0xe4) from [] (ret_from_fork+0x14/0x20)
[15119.830710] kworker/u8:1 S c0ab2fd4 0 29738 2 0x00000000
[15119.837078] [] (__schedule+0x3d0/0x8a4) from [] (worker_thread+0x1fc/0x3dc)
[15119.845763] [] (worker_thread+0x1fc/0x3dc) from [] (kthread+0xe0/0xe4)
[15119.854015] [] (kthread+0xe0/0xe4) from [] (ret_from_fork+0x14/0x20)
[15119.862088] kworker/u8:4 S c0ab2fd4 0 29739 2 0x00000000
[15119.868455] [] (__schedule+0x3d0/0x8a4) from [] (worker_thread+0x1fc/0x3dc)
[15119.877140] [] (worker_thread+0x1fc/0x3dc) from [] (kthread+0xe0/0xe4)
[15119.885391] [] (kthread+0xe0/0xe4) from [] (ret_from_fork+0x14/0x20)
[15119.893468] Sched Debug Version: v0.10, 3.10.96+ #1
[15119.898337] ktime