Metatrader: How Parse Such Logs?

mzubairsaleem · September 12, 2020, 12:12pm

Hi,

0	23:35:01.102	Monitor	connections: 354  free memory: 3124552 kb  cpu: 3%  net: 0 Kbyte/s sockets: 513 threads: 71 handles: 1423
0	23:35:01.102	Monitor	max. memory block: 2064156 kb process cpu: 0%  net in: 0 Kbyte/s  net out: 0 Kbyte/s
2	23:35:06.914	14.122.168.78	'2000174629': login (1090, client, dc: 0, cid: 56a3e17fcb6e43473892d93c6993a39e, ping: 186 ms)
4	23:35:07.064	132.232.36.91	'2000179070': account disabled by group [ForexCN-USD]
2	23:35:09.537	103.100.29.64	'2000083124': login (1090, client, dc: 0, cid: 74e82115c1a3ae5b46f0fb2ba59b130b, ping: 75 ms)
2	23:35:11.253	103.100.29.64	'2000085413': login (1090, client, dc: 0, cid: 74e82115c1a3ae5b46f0fb2ba59b130b, ping: 50 ms)
2	23:35:16.097	14.122.168.78	'2000151289': login (1090, client, dc: 0, cid: 56a3e17fcb6e43473892d93c6993a39e, ping: 175 ms)
2	23:35:28.441	123.165.255.184	'2000178502': login (1090, client, dc: 2, cid: 8870175c23a7336489d3b905443cb057, ping: 150 ms)
2	23:35:33.888	192.229.22.167	'366': login (1134, datafeed, dc: 0)
2	23:35:39.552	103.100.29.64	'2000083124': login (1090, client, dc: 0, cid: 74e82115c1a3ae5b46f0fb2ba59b130b, ping: 75 ms)
2	23:35:41.198	103.100.29.64	'2000085413': login (1090, client, dc: 0, cid: 74e82115c1a3ae5b46f0fb2ba59b130b, ping: 45 ms)
2	23:35:41.498	138.44.64.114	'30017119': login (1090, client, dc: 0, cid: 9fd9ad16af1b0862eee5ae1a4caabc3a, ping: 25 ms)
2	23:35:42.990	168.1.122.171	'9': login (1090, dc, dc: 0)
2	23:35:44.439	77.224.88.206	'30024299': login (1090, client, dc: 2, cid: 6c73b6c38fa11fe3c95023a90f97dd21, ping: 250 ms)
0	23:35:46.563	FX LITE	terminal connections: 7  web/mobile connections: 0  allocated memory: 3350 kb
2	23:35:49.523	168.1.62.21	'28': login (1090, dc, dc: 0)
2	23:35:52.989	47.106.76.208	'2000176402': login (1090, client, dc: 0, cid: cd78552338ea525a01966b360aeae5ef, ping: 125 ms, investor)
0	23:36:01.105	Monitor	connections: 358  free memory: 3123388 kb  cpu: 3%  net: 0 Kbyte/s sockets: 513 threads: 71 handles: 1348

I tried many patterns, No Success , anyhelp will be appericated.

Badger · September 12, 2020, 2:41pm

I would take off the first two fields using then dissect, then use grok with an array of patterns to match each of the message types that you care about.

dissect { mapping => { "message" => "%{someNumber} %{someIP} %{[@metadata][restOfLine]}" }
grok {
    match => {
        "[@metadata][restOfLine]" => [
            "^%{IPV4:anotherIP} '%{NUMBER:anotherNumber}': login ...",
            "^Monitor connections: %{NUMBER:connections}  free memory: %{NUMBER:freeKB}  ..."
        ]
    }
}

mzubairsaleem · September 13, 2020, 11:56am

Thanks for Quick Response, But Second Value is Time with Milli Sec not IP

system · October 11, 2020, 11:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Metatrader, how parse this? Logstash	6	1576	October 31, 2019
How to parse this kind of logs Logstash	3	827	January 17, 2017
Any Idea Parsing it? Logstash	2	544	July 6, 2017
How to parse such log Logstash	8	531	May 1, 2018
Can anyone please help me how can i parse this firewall log? Logstash	10	449	July 24, 2019

Metatrader: How Parse Such Logs?

Related topics