Logstash Grok filter query in Logstash.conf

Raju_Bhagat · April 10, 2019, 10:09am

Dear Community Members,

I am new to grok. Following are the log message to which I want to extract fields values like :
Method : createCabinet
Argument : {"comments":....}
Result : <201 Created,Folder ....
Time : 21611 msec
CorrelationId : 00905cda-10a0-4793-8b77-e1dba05dcb2c

Log Message :

16:43:45.159 [http-nio-8183-exec-9] INFO com.newgen.aspect.LoggingAspect - Method : createCabinet | Argument : {"comments":"Default cabinet precreated by system","ownerName":"manoj","usedFor":"general","folderName":"Cabinet80704183","ownerId":"AVlFxAVOoeDBAMtAMzee","folderType":"cabinet"}{"bytes":[49,50,51,52,53],"empty":false} | Result : <201 Created,Folder [id=5cac7e618dd9854e78007736, folderName=Cabinet80704183, folderType=cabinet, comments=Default cabinet precreated by system, parentFolderId=null, ownerName=manoj, ownerId=AVlFxAVOoeDBAMtAMzee, creationDateTime=Tue Apr 09 16:43:34 IST 2019, revisedDateTime=null, accessDateTime=null, usedFor=general, version=0, metadataId=null, tenantId=12345],{}> | Time : 21611 msec | CorrelationId : 00905cda-10a0-4793-8b77-e1dba05dcb2c

I am debugging this on https://grokdebug.herokuapp.com
So far unable to construct the required grok filter for logstash. Appreciate your help on this.

Thanks,

Badger · April 10, 2019, 12:22pm

Try dissect instead of grok

dissect { mapping => { "message" => "%{}Method : %{method} | Argument : %{argument} | Result : %{result} | Time : %{time} msec | CorrelationId : %{correlationId}" } }

system · May 8, 2019, 12:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.