Log stash how to pattern match a phrase? Custom Regex?

shield · October 28, 2016, 1:41pm

New to Logstash and I have seen many items that discuss using defined patterns to parse logs but I have some ugly logs that don't fit a defined format. I need to do accomplish two things:

Parse an ugly time stamp into its own field
Look for a phrase to get the code value next to it.

Is it correct to use grok for this? I have only seen established patterns that don't fit my logs at all.

Input:
8:00:01:495/UTC(10/14/2016) ERROR ShieldWorker : Discovery_Shield:MAJ:Problems with call:org.springframework.web.client.HttpClientErrorException: 401 Unauthorized

I have attempted several iterations using the http://grokdebug.herokuapp.com/

shield · October 28, 2016, 3:03pm

Figured out the first part of the getting the ugly timestamp with:

%{TIME:time}%{GREEDYDATA:igrnore}%{DATE_US}

magnusbaeck · October 29, 2016, 7:57pm

%{TIME:time}%{GREEDYDATA:igrnore}%{DATE_US}

Faster, more exact, and extracts the date too:

%{TIME:time}/UTC\(%{DATE_US:date}\)

What else do you want to extract from the log message?

Topic		Replies	Views
Non standard log lines Logstash	2	1096	July 6, 2017
Parse different datetime values into timestamp Logstash	4	604	April 14, 2017
Grok pattern for the time which has some character attached to it Logstash	3	255	March 18, 2020
Grok pattern Logstash	3	254	November 10, 2021
Need grok pattern for logstash Logstash	7	443	June 29, 2022

Log stash how to pattern match a phrase? Custom Regex?

Related topics