Need some help with custom grok pattern

Hello,

I'm working on a filter to make sense out of equipment logs I have but I'm stuck because of my own incompetence. Are there any resources online that explain, on a idiot level, how to write patterns? I've looked at the doc page and the Oniguruma page but that is not enough for me.

Log snippet:

Limit Switch Status: Error message
Motor Status: Error message 2
>ERROR: Error message 3 
+$GPRMC,11111.2222,A,3333.4444,N,11111.22222,E,22.33,4444.555,666666,,,D*5B
+*** ERROR: Error message 4 ***

Something like (?< ERROR>.$) only works half (minus the space, error gets removed by the forum otherwise). It picks up the first error, but not the second and it only shows the last letter of the error. I've tried adding things such as ^ and $ to mark beginning and ending but no joy.

Does anybody have any pointers on how I can create fields and values based on the above? Links to resources with basic examples for new users are welcome as well. I tried searching but haven't really found anything offering good explanations.

I agree! If there was a portal or some editor where we can write custom regex ( Oniguruma) and test it against the log files, it would be great.
Something similar to:

https://regex101.com/

I think http://grokdebug.herokuapp.com/ does custom regex (it kinda worked with the example I posted) but that still means you need to know HOW to write regex, that is the problem I'm having

You might be able to use the grok debugger available in X-Pack.

Debugging is not the biggest problem, my incompetence is hehe. I suppose the xpack debugger won't write the filter for me?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.