How to use custom grok pattern for syslog input

Hari_Krishna · May 7, 2020, 9:06am

Hi,

I listening to the port 31230 to get syslogs from a router. The logs are coming in but it doesnt use my grok filter. Kibana uses some default index pattern for syslogs.

input {
syslog {
            type => "syslog"
            port => 31230
          }
}
filter {

grok
{
        break_on_match => false
        pattern_definitions => { "mssg"      => "((Msg|message|Message|message1|message2|Message1|Message2) [=])"
                                 "nhchg"     => "%{WORD} -> %{WORD}"
                                 "debug"  => "NDP-DBG"
                                }
        match => {
                "message" => ["%{TIMESTAMP_ISO8601:timestamp} %{WORD:node}:%{WORD:program}:%{INT:pid} %{WORD:tracetype}.*%{mssg} \"%{GREEDYDATA:Message}\""]
                "Message" => ["%{debug:NDPdebug}:%{DATA:function}:%{INT:line}:: %{GREEDYDATA:msg}", "NexthopId %{WORD:nexthop_id}", "state %{WORD:state}", "event %{WORD:event}", "Prefix %{DATA:prefix}/", "NhType_change %{nhchg:nhtype_change}"]
    }
  }
}

There is no error in the configuration. I have tried running it by getting input from a file.

system · June 4, 2020, 9:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing Syslog with Logstash Grock Filter isn't working with Kibana Logstash	3	379	August 14, 2021
Config Logstash for Syslog Logstash	5	1328	April 4, 2017
Gork filter with custom pattern Logstash	4	432	December 13, 2019
Grok translation help Logstash	1	261	January 7, 2019
GROK pattern for syslogs Logstash	4	7213	October 13, 2021

How to use custom grok pattern for syslog input

Related topics