Logstash grokparsefailure - message pattern problem

Elastic Stack Logstash
1

Hi,

I am trying to parse the following message;

##SEVERE 05-Jan-2017 06:02:25.562 Fatal error##

I am using grok in Logstash like below;

filter {
	grok {
		match => { "message" => "^##(?<severity>(SEVERE|INFO|WARN)) (?:%{SYSLOGTIMESTAMP:timestamp}) %{GREEDYDATA:errorname}##" }
 	}
}

This gives me a _grokparsefailure

How can I fix this?
Thank you.

2

SYSLOGTIMESTAMP is defined like this:

Your timestamp clearly doesn't match that pattern. Try %{MONTHDAY}-%{MONTH}-%{YEAR} %{TIME} instead.

3

WOW.. it worked.. Thank you so much @magnusbaeck :slight_smile:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.