How to use custom grok pattern for syslog input

Hari_Krishna · May 7, 2020, 9:06am

Hi,

I listening to the port 31230 to get syslogs from a router. The logs are coming in but it doesnt use my grok filter. Kibana uses some default index pattern for syslogs.

input {
syslog {
            type => "syslog"
            port => 31230
          }
}
filter {

grok
{
        break_on_match => false
        pattern_definitions => { "mssg"      => "((Msg|message|Message|message1|message2|Message1|Message2) [=])"
                                 "nhchg"     => "%{WORD} -> %{WORD}"
                                 "debug"  => "NDP-DBG"
                                }
        match => {
                "message" => ["%{TIMESTAMP_ISO8601:timestamp} %{WORD:node}:%{WORD:program}:%{INT:pid} %{WORD:tracetype}.*%{mssg} \"%{GREEDYDATA:Message}\""]
                "Message" => ["%{debug:NDPdebug}:%{DATA:function}:%{INT:line}:: %{GREEDYDATA:msg}", "NexthopId %{WORD:nexthop_id}", "state %{WORD:state}", "event %{WORD:event}", "Prefix %{DATA:prefix}/", "NhType_change %{nhchg:nhtype_change}"]
    }
  }
}

There is no error in the configuration. I have tried running it by getting input from a file.

system · June 4, 2020, 9:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing Syslog with Logstash Grock Filter isn't working with Kibana Logstash	3	378	August 14, 2021
Gork filter with custom pattern Logstash	4	432	December 13, 2019
GROK pattern for syslogs Logstash	4	7088	October 13, 2021
Logstash - newbie question - how to serach single event for a pattern, string Logstash	19	4156	July 6, 2017
Need help Parsing json with grok Logstash	1	241	July 15, 2020

How to use custom grok pattern for syslog input

Related Topics