How do I break E0802 into E and 0802?
http://grokdebug.herokuapp.com/
E0802 05:01:29.979775 30003 logging.cc:121] stderr will be logged to this file.
%{NOTSPACE:log_level} %{NOTSPACE:log_time} %{NOTSPACE:log_threadid} %{NOTSPACE:log_file}:%{NOTSPACE:log_line}] %{GREEDYDATA:log_msg}
Use grok.
grok { match => { "log_level" => "(?<e>.)%{NUMBER:foo}" } }Wait, what did you do to make everything an array of arrays? I would have expected that to get parsed as (in rubydebug terms)
"log_level" => "E0802"
"log_time" => "05:01:29.979775"
etc.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.