Logstash Grok filter for parsing particular log record

Dhanashree · May 15, 2018, 3:53am

Hi,
I am trying to parse mule logs using logtsash grok filter the mule logs basically contains a logger in which i am printing nested json format.Using if else condition i have used drop filter to remove the unnecessary data and wish to parse the following log record

INFO 2018-05-14 15:39:18,980 [[Realtime_flow].HTTP_Listener_Configuration.worker.01] org.mule.api.processor.LoggerMessageProcessor: {"versionId":"1.0","environment":{"organizationId":"XYZ","businessUnitId":"APPS","projectId":"ABC","environmentId":"DEV","serverId":"90.246.16.101"},"transaction":{"interfaceId":"interface01","sourceId":"DB","targetId":"XYZ"},"transactionDetail":{"correlationId":"dd820c30-575e-11e8-9bc5-40e920524153","businessId":"B04","executionTime":"2018-05-14 03:39:18:977","executionPoint":"Execution end point of interface01","executionMessage":"After completion of transaction","executionStatus":"SUCCESS","payload":{}}}

I want to write grok filter to take the bold text(nested json in one field) but i am unable to write the filter for the same. I have tried the following filter but i am not getting the data in seperate fields.Can you please help me in writing the grok pattern-

grok
{
match => ["message", "%{LOGLEVEL:level}%SPACE%{TIMESTAMP_ISO8601:executiontime}%{SYSLOG5424SD}.%{JAVACLASS:class}%{BASE16FLOAT}%SPACE%{JAVACLASS:class1}:%SPACE{GREEDYDATA:jsonmsg}"]

}

Krunal_kalaria · May 15, 2018, 4:21am

hi @Dhanashree,

If you have json format logs then in logstash filter json filter plugin is available if you are not aware of this than.

so you can use that plugin and not needed to write the grok it will parse the data automatically this is only for json logs.

Thanks & Regards,
Krunal.

Dhanashree · May 15, 2018, 4:48am

Yes i am aware of the json filter but my data file does not contain only json data it has log records and nested json is part of the record so logstash is not able to parse the records because it has other elements such as java class and all. So i thought of writing grok filter to put data in fields and seperate accordingly.

system · June 12, 2018, 4:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.