Matching log.file.path with Grok

Maria_Daniel · June 3, 2020, 11:05pm

Hello!

So, I'm trying to use the log filename to generate a new field that is searchable on Kibana.

Currently I have this on my logstash pipeline:

    if "delivery_conn_results" in [tags] {
	grok {
		match => { 
                "log.file.path" => "/var/log/conn/(?<d1>.)/(?<d2>.)/(?<message_token>.*(?=\.))"
            }
		add_tag =>  [ "my_parsed_tag" ]
	}
	
	}

And this is the kind of file path I have:

    /var/log/conn/D/D/DD9A0BDC-D620-4705-9E63-A762AA7D8FA6.results

I've used grokconstructor to test the pattern and it should work. However, i'm getting a _grokparsefailure.

What should I do?

Thanks in advance!

Maria_Daniel · June 3, 2020, 11:28pm

Hi again!

I changed it to:


match => { 
                "[log][file][path]" => "/var/log/conn/(?<d1>.)/(?<d2>.)/(?<message_token>.*(?=\.)).results"
            }

It works now! So I just had to use [log][file][path] instead of log.file.path.

system · July 1, 2020, 11:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match log.file.path in Grok Logstash	3	3415	May 18, 2019
Grok filter not parsing path Logstash	3	561	October 12, 2020
Correct syntax for log.file.path Elastic Stack	1	312	November 4, 2022
Logstash - match filename Logstash	2	353	September 3, 2020
Get the name of the log file and create a tag or a custom field with that value Logstash	2	274	June 25, 2021

Matching log.file.path with Grok

Related Topics