I'm trying to extract some fields from this log entry:
2021-07-26 16:45:59.4640|0|WARN|LoggerTestASP.Controllers.WeatherForecastController|NEW_FROM_NLOG: 67b9de16-47a1-4308-a163-263f5f06e841, Hola Pola, 11/26/2017 16:45:59 |url: https://localhost/WeatherForecast|action: GetAll|LoggerTestASP.Controllers.WeatherForecastController.GetAll| body:
I only need the first field (timestamp), the second and third fields as custom, and the remaining as a message.
I tried this in a Logstash filter:
filter {
  grok {
    match => { "message" => "%{'yyyy-MM-dd HH:mm:ss.SSSZ':tstmp}|%{NUMBER:myevent}|%{WORD:mylevel}*" }
  }
}
I'm totally new to Elasticsearch and not familiar with filtering. I tried some online examples but couldn't find a similar format: 'yyyy-MM-dd HH:mm:ss.SSSZ'
The output (in Kibana) only recognizes myevent and gets its value as 2021. My guess is that it failed to extract the datetime, so the second filter (myevent) gets the first "NUMBER" as its value.
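
One way to parse the sample line above, as an added example that is not part of the original post. It keeps the question's field names (tstmp, myevent, mylevel), uses only stock grok patterns, and assumes the default Logstash setting where backslash escapes in config strings are passed through to the regex unchanged.

```logstash
filter {
  grok {
    # "|" is regex alternation inside a grok expression, so the literal
    # pipe separators must be escaped as "\|".
    # TIMESTAMP_ISO8601, NUMBER, WORD and GREEDYDATA are stock grok
    # patterns; a date format string such as 'yyyy-MM-dd ...' is not one.
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:tstmp}\|%{NUMBER:myevent}\|%{WORD:mylevel}\|%{GREEDYDATA:message}"
    }
    # Replace the original line with the remainder instead of turning
    # "message" into a two-element array.
    overwrite => ["message"]
  }

  # The date format string belongs in the date filter, which parses the
  # extracted text into @timestamp. "SSSS" matches the four fractional
  # digits in the sample line (.4640).
  date {
    match => ["tstmp", "yyyy-MM-dd HH:mm:ss.SSSS"]
  }
}
```

Lines that do not match the grok expression are tagged `_grokparsefailure` by default, which gives a simple way in Kibana to find entries that use a different layout.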