I have around 30+ error strings for docker logs. I need logstash to parse the logs only if it matches those error strings.
It depends on what processing you want to do. You might be able to do this with a single grok that has 30+ patterns in it. Or you might need an if-else if-else if with 30+ branches.
Thanks Badger for the reply, but how will parsing of fields works in this case. it's simple as like search, i don't want to parse it to any fields. I just want it to display the logs once it matches the error strings. Can you help me with the grok syntax for this?
Can you show me some examples of messages you want to index?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.