Hi,
I am trying to parse the following message;
##SEVERE 05-Jan-2017 06:02:25.562 Fatal error##
I am using grok in Logstash like below;
filter {
grok {
match => { "message" => "^##(?<severity>(SEVERE|INFO|WARN)) (?:%{SYSLOGTIMESTAMP:timestamp}) %{GREEDYDATA:errorname}##" }
}
}
This gives me a _grokparsefailure
How can I fix this?
Thank you.
SYSLOGTIMESTAMP is defined like this:
Your timestamp clearly doesn't match that pattern. Try %{MONTHDAY}-%{MONTH}-%{YEAR} %{TIME} instead.
WOW.. it worked.. Thank you so much @magnusbaeck 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.