Logstash filter take everything after

Betorov · July 30, 2021, 9:28am

Hi avrey one,
I wanted to filter this type of message:
ip ip text
I don't know the format of the text and what is inside of it.I only know that there is 2 ip and the text.
How i can geto something that I don't know is structurated? (I want to take the text but i don't know how it's made (it can have number and text))

Cad · July 30, 2021, 9:34am

Hi,
I think, using the grok plugin is the best solution available for you.
Cad.

Betorov · July 30, 2021, 9:43am

Thank for your reply @Cad .
I have tried to use it but it give a _grokparsefailure.

 grok
                {
                match => { "message"=> "%{IP:client} %{IP:destination} %{GREEDYDATA:request} " }
                }

Cad · July 30, 2021, 9:56am

Can you give us an exemple of your data ?

I think you have to remove the last space after the GREEDYDATA pattern.

system · August 27, 2021, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter for IP addresses Logstash	1	1513	November 15, 2017
Help with filtering message based on regex Logstash	3	462	April 8, 2021
How to filter my logs Logstash	9	517	June 29, 2018
Logstash Filter help - Newbie question Logstash	6	314	February 17, 2022
Filter for message field with specific pattern Logstash	3	446	December 4, 2017

Logstash filter take everything after

Related Topics