How to parse Logline

hispeed · May 31, 2017, 7:05pm

I tried with the following code, but nothing usful happens:

filter {

    if [logsource] == "XXXXXXserver" {
        grok {
                 match => { "message" => "%{WORD:Synology_Verb_Typ} %{SPACE} %{USERNAME:Syno_User} %{GREEDYDATA}" }
        }

        kv  {
                value_split => ":"
                field_split => ","
        }
   }
    if [logsource] == "XXXXXX_SERVER" {

        kv  {
                value_split => ":"
                field_split => ","
        }
   }
}

Attached you can vie the output in Kibana.

Topic		Replies	Views
Not able to parse fields with logstash Logstash	4	1663	July 6, 2017
Not displaying fields specified in the Logstash filter Logstash	11	4752	July 6, 2017
Grok filter logstash config Logstash	7	1448	July 6, 2017
New fields Logstash	9	513	August 26, 2018
[SOLVED] Grok and split fields Logstash	5	8825	July 6, 2017

How to parse Logline

Related topics