Logstash filter take everything after

Betorov · July 30, 2021, 9:28am

Hi avrey one,
I wanted to filter this type of message:
ip ip text
I don't know the format of the text and what is inside of it.I only know that there is 2 ip and the text.
How i can geto something that I don't know is structurated? (I want to take the text but i don't know how it's made (it can have number and text))

Cad · July 30, 2021, 9:34am

Hi,
I think, using the grok plugin is the best solution available for you.
Cad.

Betorov · July 30, 2021, 9:43am

Thank for your reply @Cad .
I have tried to use it but it give a _grokparsefailure.

 grok
                {
                match => { "message"=> "%{IP:client} %{IP:destination} %{GREEDYDATA:request} " }
                }

Cad · July 30, 2021, 9:56am

Can you give us an exemple of your data ?

I think you have to remove the last space after the GREEDYDATA pattern.

system · August 27, 2021, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.