Below is a sample line from my log file. May I know how I can filter out only the processName and totalExecutionTime using Logstash grok? Please help.
17:44:09.0083 Info {"message":"demo execution ended","level":"Information","logType":"Default","timeStamp":"2018-04-03T17:44:09.0053892+05:30","fingerprint":"546c70db-36c5-4ddf-bef5-473256331c88","windowsIdentity":"yuvaraja.kannan","machineName":"IN1LT0922","processName":"demo","processVersion":"1.0.6665.35345","fileName":"Extract_load_in_parallel_v1.0","jobId":"f302372f-ab80-4eee-a963-614a8c005bf7","robotName":"YUVARAJA.KANNAN","totalExecutionTimeInSeconds":34,"totalExecutionTime":"00:00:34"}
Hi Jenni, thanks for your input. I tried the JSON filter, but it only produces output if my log file is in this format, i.e. without the timestamp and Info at the start:
{"message":"demo execution ended","level":"Information","logType":"Default","timeStamp":"2018-04-03T17:44:09.0053892+05:30","fingerprint":"546c70db-36c5-4ddf-bef5-473256331c88","windowsIdentity":"yuvaraja.kannan","machineName":"IN1LT0922","processName":"demo","processVersion":"1.0.6665.35345","fileName":"Extract_load_in_parallel_v1.0","jobId":"f302372f-ab80-4eee-a963-614a8c005bf7","robotName":"YUVARAJA.KANNAN","totalExecutionTimeInSeconds":34,"totalExecutionTime":"00:00:34"}
Well, you could get rid of that with gsub and a pattern like ^[^\{]*.
Did my suggestion for a grok pattern that only extracts the two desired fields work for you?
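The gsub and JSON-filter suggestions from this thread combined into one filter section, as an added example that is not from any of the posters. Dropping lines that contain no JSON and keeping `@timestamp` in the whitelist are assumptions; the field names come from the sample line above.

```conf
# Added example: filter section only (input and output omitted).
filter {
  # Remove everything before the first "{", i.e. the "17:44:09.0083 Info " prefix.
  mutate {
    gsub => ["message", "^[^\{]*", ""]
  }

  # After the gsub, a line that had no "{" at all is empty, so test before parsing.
  if [message] =~ /^\{/ {
    # Malformed JSON is tagged _jsonparsefailure by default and keeps its raw message.
    json {
      source => "message"
    }

    # Keep only the two requested fields. whitelist_names entries are regexes,
    # so anchor them: an unanchored "totalExecutionTime" would also keep
    # totalExecutionTimeInSeconds.
    prune {
      whitelist_names => ["^@timestamp$", "^processName$", "^totalExecutionTime$"]
    }
  } else {
    # Assumption: lines without a JSON body are not needed downstream.
    drop { }
  }
}
```

Because the pruning happens after the whole JSON body is parsed, fields such as windowsIdentity and machineName never reach the output, which matters if the index is readable by a wider audience than the raw logs.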