Matching log.file.path with Grok

Maria_Daniel · June 3, 2020, 11:05pm

Hello!

So, I'm trying to use the log filename to generate a new field that is searchable on Kibana.

Currently I have this on my logstash pipeline:

    if "delivery_conn_results" in [tags] {
	grok {
		match => { 
                "log.file.path" => "/var/log/conn/(?<d1>.)/(?<d2>.)/(?<message_token>.*(?=\.))"
            }
		add_tag =>  [ "my_parsed_tag" ]
	}
	
	}

And this is the kind of file path I have:

    /var/log/conn/D/D/DD9A0BDC-D620-4705-9E63-A762AA7D8FA6.results

I've used grokconstructor to test the pattern and it should work. However, i'm getting a _grokparsefailure.

What should I do?

Thanks in advance!

Maria_Daniel · June 3, 2020, 11:28pm

Hi again!

I changed it to:


match => { 
                "[log][file][path]" => "/var/log/conn/(?<d1>.)/(?<d2>.)/(?<message_token>.*(?=\.)).results"
            }

It works now! So I just had to use [log][file][path] instead of log.file.path.

system · July 1, 2020, 11:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match log.file.path in Grok Logstash	3	3419	May 18, 2019
Unable to get filename pattern from log.file.path value Logstash	3	629	November 19, 2019
Grok filter not working to capture filename Logstash	2	1796	July 27, 2017
Correct syntax for log.file.path Elastic Stack	1	312	November 4, 2022
Grok and match windows path Logstash	4	2369	June 30, 2019

Matching log.file.path with Grok

Related topics