How to grok log file with different line formats

(Amogh Mudkavi) #1

My input log file looks like ...

Infodom ABCDE
RuleID 1481519674238
BuildFlag false
InfoDate 20160331
TaskID Task25
Optional Params "$RUNID=1481925973714,$PHID=XXXX_FR2052A_COMMON_RULES,$EXEID=1482870457650,$RUNSK=8505"
BatchRunExeID ABCDE_1482870457650_20160331_1

How can I index this based on rule id, info date, task id, etc.? Can somebody help me?

(Magnus Bäck) #2

What's the expected output of a file like the example above? Express the result you want as JSON.

(Amogh Mudkavi) #3

Hi Magnus Bäck,

Thank you very much for helping me.

Output = Elasticsearch
but I want to index on each of the lines, like ...

But all these are on different lines on the same log file.

(Magnus Bäck) #4

Please show an example event that you'd like to see. Do not describe it. Show a concrete JSON example.
