How to Parse App Log from Apache NiFi

You can use something like this:

%{DATE:date} %{TIME:time} %{WORD:EventType} %{GREEDYDATA:EventText}

You will have a field with the date in the format yy-mm-dd, a field with the time, a field with the event type and a field with the rest of the message.

Like this:

{
  "date": [
    "17-07-28"
  ],
  "time": [
    "11:40:00,256"
  ],
  "EventType": [
    "WARN"
  ],
  "EventText": [
    "[Timer-Driven Process Thread-7] o.a.h.c.protocol.ResponseProcessCookies Invalid cookie header: \"set-cookie: guest_id=v1%3A150125640009836952; Expires=Sun, 28 Jul 2019 15:40:00 UTC; Path=/; Domain=.twitter.com\". Invalid 'expires' attribute: Sun, 28 Jul 2019 15:40:00 UTC"
  ]
}

You can test grok patterns using grok debug, or if you have Kibana 5.5 with X-Pack, it's a new feature.
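
An anchored Python equivalent of the pattern above, as an added example that is not part of the original answer. It keeps the `date`, `time`, `EventType` and `EventText` field names and goes further by splitting out `thread` and `logger` fields and folding stack-trace lines into the preceding event. Assumptions: each event line starts with a four-digit-year timestamp followed by level, `[thread]` and logger; `parse_nifi_log`, `LINE_RE`, `thread`, `logger` and the sample lines are constructed for illustration.

```python
import re

# Anchored at line start so text inside the message (for example a logged
# HTTP header) can never be mistaken for the timestamp or level fields.
# Layout "<date> <time> <LEVEL> [thread] logger message" is an assumption.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<EventType>[A-Z]+) "
    r"\[(?P<thread>[^\]]*)\] "      # hypothetical extra field
    r"(?P<logger>\S+) "             # hypothetical extra field
    r"(?P<EventText>.*)$"
)

def parse_nifi_log(lines):
    """Return one dict per event. Lines that do not start with a timestamp
    (stack traces, wrapped messages) are appended to the previous event."""
    events = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
        elif events:
            events[-1]["EventText"] += "\n" + line
        else:
            # Continuation with no preceding event: keep it, but flagged.
            events.append({"EventType": "UNPARSED", "EventText": line})
    return events

# Constructed sample input, not taken from a real NiFi instance.
SAMPLE = [
    '2017-07-28 11:40:00,256 WARN [Timer-Driven Process Thread-7] '
    'o.a.h.c.protocol.ResponseProcessCookies Invalid cookie header: '
    '"set-cookie: guest_id=placeholder; Expires=Sun, 28 Jul 2019 15:40:00 UTC"\n',
    '2017-07-28 11:40:01,003 ERROR [Timer-Driven Process Thread-2] '
    'o.a.n.p.standard.InvokeHTTP Routing to failure\n',
    'java.net.SocketTimeoutException: connect timed out\n',
    '\tat java.net.Socket.connect(Socket.java:589)\n',
]

if __name__ == "__main__":
    for event in parse_nifi_log(SAMPLE):
        print(event)
```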