Matching log.file.path with Grok

Maria_Daniel · June 3, 2020, 11:05pm

Hello!

So, I'm trying to use the log filename to generate a new field that is searchable on Kibana.

Currently I have this on my logstash pipeline:

    if "delivery_conn_results" in [tags] {
	grok {
		match => { 
                "log.file.path" => "/var/log/conn/(?<d1>.)/(?<d2>.)/(?<message_token>.*(?=\.))"
            }
		add_tag =>  [ "my_parsed_tag" ]
	}
	
	}

And this is the kind of file path I have:

    /var/log/conn/D/D/DD9A0BDC-D620-4705-9E63-A762AA7D8FA6.results

I've used grokconstructor to test the pattern and it should work. However, i'm getting a _grokparsefailure.

What should I do?

Thanks in advance!

Maria_Daniel · June 3, 2020, 11:28pm

Hi again!

I changed it to:


match => { 
                "[log][file][path]" => "/var/log/conn/(?<d1>.)/(?<d2>.)/(?<message_token>.*(?=\.)).results"
            }

It works now! So I just had to use [log][file][path] instead of log.file.path.

system · July 1, 2020, 11:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match log.file.path in Grok Logstash	3	3490	May 18, 2019
Grok filter not working to capture filename Logstash	2	1827	July 27, 2017
Grok filter not parsing path Logstash	3	597	October 12, 2020
Grok pattern doesn't match path Logstash	6	385	March 9, 2020
Extracting filename from log.file.path not working Logstash	9	11655	April 2, 2020

Matching log.file.path with Grok

Related topics