Kibana grok patterns match exact string

Hello there,

I want to ingest a log with grok patterns in kibana.

The log time format is slightly different from ready-made drafts as belove.

03/24 21:56:55.300 INFO Security.....

Time Format -> dd/MM hh:mm:ss.SSS

I want to match it with DATA pattern, and i am trying to make a stop point the other field (Log_Type) which can be INFO,WARN,ERROR

However, i have to also make them(INFO or WARN or ERROR) a field, and i don't know how to do it with regex.


Anyone can help me to fix it ?

Thanks beforehand.

You could define a regular expression to match the Log_Type:

%{DATA:time} (?<log-level>INFO|WARN|ERROR)

But you shouldn't use a custom regex for this. Take a look at the Grok documentation: Grok filter plugin | Logstash Reference [7.12] | Elastic

There is a syntax to Grok expressions, and has about 120 built-in patterns defined here: logstash-patterns-core/patterns at master · logstash-plugins/logstash-patterns-core · GitHub

You could use the LOGLEVEL pattern to match your Log_Type data:

%{DATA:timestamp} %{LOGLEVEL:level}

Hi @tsullivan ,

%{DATA:time} is not exactly what i trying to do. Because, there is one space between date and time. time field will be '03/24'. However, i want to make it all '03/24 21:56.55.300'.

I figured it out by writing custom regex as you mentioned. Just wanna now if it is possible without regex.


Hi, you can use "custom patterns" to create a new pattern by composing built-in patterns. Grok filter plugin | Logstash Reference [7.12] | Elastic

A custom pattern that can match 03/24 21:56:55.300 as a timestamp would look like:


In the Grok Pattern, you use the custom pattern as:


The resulting structured data would look like:

  "date": "03/24 21:56:55.300",
  "msg": "Security.....",
  "level": "INFO"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.