Multiple Grok patterns or can I use Regex?

I am making a centralised syslogging server. Do I have to make a different grok filter for every single different format of syslog, or can I use something like regex to pick out certain elements of a log?

Dec 16 15:01:13 172.20.x.xx NPF_OLT_LAB05: service "403
for ONT: "10002" - ONT needs restart at 2019/12/16 15:01:13.39 ONT message: "Backup files exist"

I have the grok pattern for the above log, but my question is: would I have to make a separate pattern layout for each different log layout, or can I use something like regex to pick out key words, i.e. ONT "10002", and thus save time making separate patterns for everything?

Thank you!
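As an added illustration (not part of the original thread), the two approaches side by side in plain Python regex, which is what a grok pattern compiles to underneath: one strict pattern for this exact layout, and one loose pattern that only pins down the syslog header and the `ONT: "<id>"` keyword so it still yields the ONT id on other message bodies. The second sample line, the fragment names and the `layout` field are constructed for this example.

```python
import re

# Constructed samples: the first is the line from the post (joined onto one line,
# IP masked as in the post); the second is a made-up variant with a different body.
SAMPLE_LOGS = [
    'Dec 16 15:01:13 172.20.x.xx NPF_OLT_LAB05: service "403 for ONT: "10002" - '
    'ONT needs restart at 2019/12/16 15:01:13.39 ONT message: "Backup files exist"',
    'Dec 16 15:02:45 172.20.x.xx NPF_OLT_LAB05: alarm cleared for ONT: "10007" state: up',
]

# Reusable fragments, the same idea as grok's %{SYSLOGTIMESTAMP} or %{HOSTNAME}.
# Note: Python's re spells named groups (?P<name>...); grok (Oniguruma) uses (?<name>...).
FRAGMENTS = {
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "HOST": r"\S+",
    "PROG": r"[A-Za-z0-9_]+",
}

# Strict pattern: one dedicated layout, every field captured (a per-format grok pattern).
STRICT = re.compile(
    rf'^(?P<timestamp>{FRAGMENTS["SYSLOGTIMESTAMP"]}) (?P<host>{FRAGMENTS["HOST"]}) '
    rf'(?P<program>{FRAGMENTS["PROG"]}): service "(?P<service>\d+)'
    r' for ONT: "(?P<ont_id>\d+)" - (?P<event>.*?) at '
    r'(?P<event_time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) ONT message: "(?P<message>[^"]*)"$'
)

# Loose pattern: header plus the ONT: "<id>" keyword anywhere in the body, nothing else.
LOOSE = re.compile(
    rf'^(?P<timestamp>{FRAGMENTS["SYSLOGTIMESTAMP"]}) (?P<host>{FRAGMENTS["HOST"]}) '
    rf'(?P<program>{FRAGMENTS["PROG"]}): (?P<msg>.*ONT: "(?P<ont_id>\d+)".*)$'
)


def parse(line):
    """Try the strict layout first, then fall back to keyword extraction.

    The 'layout' field records which path matched, so lines that only parsed
    loosely (or not at all) can be counted and reviewed, much like _grokparsefailure.
    """
    m = STRICT.match(line)
    if m:
        return {"layout": "strict", **m.groupdict()}
    m = LOOSE.match(line)
    if m:
        return {"layout": "loose", **m.groupdict()}
    return {"layout": "unparsed", "msg": line}


if __name__ == "__main__":
    for log in SAMPLE_LOGS:
        print(parse(log))
```

The trade-off is visible in the output: the loose pattern saves writing a pattern per layout but only gives you the header and the ONT id, so anything you want to alert or search on per field still needs a dedicated pattern.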

I know this isn't a direct answer to your question, but if you're into Grok, you may also want to have a look at some open source parsers, such as https://github.com/empow/logstash-parsers/. Almost every parser published there uses the Grok processor and, as they say, there's no need to reinvent the wheel.