Logstash grok working on grok debugger but failing on filter.conf

Hi ,

I have the following text and grok:

Text:

[17/May/2020 14:53:45] INFO [accounts.views.login:278] Registration failed: Invalid Referral Code. Please check your code and retry, SSG2FDLJMA57

And GroK

[(?[\d\w/\s/\d:+]+)] %{LOGLEVEL:level} %{GREEDYDATA:line}

The same is working fine while running on https://grokdebug.herokuapp.com/

But when I implement the same grok on logstash filter.cong it dosen't work. Any idea about this?
Even there is no error msg as well.

This is what I have in my filter.conf file:

filter {
    grok {
      match => { "message" => "\[(?<time1>[\d\w\/\s\/\d\:+]+)\] %{LOGLEVEL:level} %{GREEDYDATA:line}"}
    }
}

Try

"\[(?<time1>[\d\w/\s/:]+)\] %{LOGLEVEL:level} %{GREEDYDATA:line}"

That gets me

     "level" => "INFO",
     "time1" => "17/May/2020 14:53:45",
      "line" => "[accounts.views.login:278] Registration failed: Invalid Referral Code. Please check your code and retry, SSG2FDLJMA57"

I tried this but doesn;t work for me. Even not working on grok debugger as well.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.