Need help with logs

Smasell · August 5, 2015, 8:53am

Hi there!!!
I need to parse 2 field from:
CLIENT_LOG: User( ip: 109.132.225.96; user_id: 90221; name: 'GGG'; days_in_game: 1; pvp_rating: 0; provider: GooglePlay; device_model: 'samsung SM-G900F';). event_name: 'Mission_Start_BlaBlaBla';
scene: "Mission_Start"
level: "BlaBlaBla"
Please help

Raul_Uria · August 5, 2015, 9:29am

Try this for your grok filter:

^.*event_name: \'(?<scene>.*)_(?<level>.*?)\';

magnusbaeck · August 5, 2015, 9:59am

^.*event_name: \'(?<scene>.*)_(?<level>.*?)\';

This is dangerous since the first .* is greedy and could match more than desired. Prefer this:

event_name: '(?<scene>[^_]+)_(?<level>[^']+)'

This assumes that the scene name never contains an underscore.

Topic		Replies	Views
Having problems parsing data Logstash	4	305	February 18, 2021
Need help with Grok Logstash	5	243	August 2, 2019
Need Help Groking Logstash	3	304	March 31, 2020
How to regex urls with Grok Logstash	3	1015	December 1, 2022
Getting _grokparsefailure in identical docs Logstash	4	344	August 9, 2018

Need help with logs

Related topics