How to grok log file with different line formats


(Amogh Mudkavi) #1

My input log file looks like ...

Infodom ABCDE
RuleID 1481519674238
BuildFlag false
InfoDate 20160331
TaskID Task25
Optional Params "$RUNID=1481925973714,$PHID=XXXX_FR2052A_COMMON_RULES,$EXEID=1482870457650,$RUNSK=8505"
BatchRunExeID ABCDE_1482870457650_20160331_1

How can I index this based on rule ID, info date, task ID, etc.? Can somebody help me?


(Magnus Bäck) #2

What's the expected output of a file like the example above? Express the result you want as JSON.


(Amogh Mudkavi) #3

Hi Magnus Bäck,

Thank you very much for helping me.

Output = Elasticsearch
but I want to index on each of the lines, like ...
Infodom
RuleId
BuildFlag
InfoDate
TaskID

But all these are on different lines on the same log file.


(Magnus Bäck) #4

Please show an example event that you'd like to see. Do not describe it. Show a concrete JSON example.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.