Logstash syslog input filter default grok patterns

rugenl · July 18, 2022, 6:21pm

What are the default grok patterns for the syslog input filter?

The data is from old snare, failing messages are formatted something like this:

<135> 07/18/2022:18:14:52 GMT HOSTNAME syslog_message.

Thanks

Badger · July 18, 2022, 6:54pm

The default value depends on ecs_compatibility. It is set here. The SYSLOGLINE pattern is defined either here or here. I very much doubt it will match that date format with a timezone. You will need to write your own pattern.

Topic		Replies	Views
How to use custom grok pattern for syslog input Logstash	1	355	June 4, 2020
GROK pattern for syslogs Logstash	4	9699	October 13, 2021
Logstash GROK parse for syslog Logstash	4	2382	June 14, 2017
Date parsing logstash Logstash	5	253	January 30, 2024
Help grokking a syslog Logstash	7	1508	January 3, 2018

Logstash syslog input filter default grok patterns

Related topics