Logstash filter take everything after

Betorov · July 30, 2021, 9:28am

Hi avrey one,
I wanted to filter this type of message:
ip ip text
I don't know the format of the text and what is inside of it.I only know that there is 2 ip and the text.
How i can geto something that I don't know is structurated? (I want to take the text but i don't know how it's made (it can have number and text))

Cad · July 30, 2021, 9:34am

Hi,
I think, using the grok plugin is the best solution available for you.
Cad.

Betorov · July 30, 2021, 9:43am

Thank for your reply @Cad .
I have tried to use it but it give a _grokparsefailure.

 grok
                {
                match => { "message"=> "%{IP:client} %{IP:destination} %{GREEDYDATA:request} " }
                }

Cad · July 30, 2021, 9:56am

Can you give us an exemple of your data ?

I think you have to remove the last space after the GREEDYDATA pattern.

system · August 27, 2021, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to find filter for this? Logstash	9	343	May 23, 2018
Logstash filter for IP addresses Logstash	1	1513	November 15, 2017
Help with filtering message based on regex Logstash	3	463	April 8, 2021
How to filter ipv6 address from message Kibana	2	1240	February 9, 2018
Logstash Grok problem Logstash	1	345	January 2, 2020

Logstash filter take everything after

Related topics