Multiple Grok patterns or can I use Regex?

IshanP1 · January 13, 2020, 10:07pm

I am making a centralised syslogging server. Do i have to make a different grok filter for every single different format of syslog or can I use something like regex to pick out certain elements of a log?

Dec 16 15:01:13 172.20.x.xx NPF_OLT_LAB05: service "403
for ONT: "10002" - ONT needs restart at 2019/12/16 15:01:13.39 ONT message: "Backup files exist"

I have the grok pattern for the above log, but my question is - would I have to make a separate pattern layout for each different log layout, or can I use something like Regex to pick out key words ie: ONT "10002" and thus save time making separate patterns for everything.

Thank you!

Ramicoh · January 13, 2020, 10:37pm

I know this isn't a direct answer to your question, but if you're into Grok You may also want to have a look at some open source parsers, such as https://github.com/empow/logstash-parsers/. Almost every parser published there uses the Grok processor and as they say - there's no need to reinvent the wheel

system · February 10, 2020, 10:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok Filter Pattern Clarification Logstash	2	209	July 24, 2018
Multiple grok pattern, really multiple? Logstash	2	211	April 28, 2022
Logstash and Grok Matching Logstash	11	360	July 3, 2019
Grok Patterns - Quick question Logstash	1	285	January 9, 2019
Using regex grouping and logical OR in a Grok Pattern Logstash	3	14139	July 6, 2017

Multiple Grok patterns or can I use Regex?

Related topics