Mysqld grok

szgaljic · October 29, 2018, 7:28pm

Example mysqld lines:

2015-06-02 16:27:31 10013 [Note] Blah
2017-09-08T18:39:29.306811Z 281026 [Note]  - Blah

My grok pattern:

MYSQLD_LINE %{TIMESTAMP_ISO8601:[mysql][error][timestamp]}%{SPACE}%{NUMBER:[mysql][error][thread_id]}%{SPACE}\[%{WORD:[mysql][error][level]}\]%{SPACE}%{GREEDYDATA:[mysql][error][message1]}

grokdebug.herokuapp.com claims this grok is good for both lines but when passed to logstash the second one (with the timezone timestamp) doesn't get parsed at all and logstash drops it on the floor. Logstash doesn't match the TIMESTAMP_ISO8601 but it seems as though it should.

Any thoughts?

system · November 26, 2018, 7:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pattern for the Below Timestamp Logstash	4	452	May 25, 2017
Grok pattern for date Logstash	6	1753	June 13, 2019
Python log Logstash grok filter Logstash	4	3528	March 22, 2018
Timestamp pattern not working for logstash filtering Logstash	2	234	November 2, 2022
Grok: Pattern appears to be matching but not creating new fields Logstash	4	2034	July 6, 2017

Mysqld grok

Related topics