Need some support to create custom grok filter to parse the log file


(viuha8) #1

Need some advice to create a custom grok filter in order to parse an application-specific log.

Our log format looks like

2017-08-29 14:49:28 INFO Logger:? - 'ApplicationName':string, 'EventStatus':string, 'SeverityLevel':string, 'EventTime':string, 'ErrorDescription':string, 'ErrorCode':string, 'IsSecurityIncident':string, 'UrlRequested':string, 'MethodName':string, 'CurrentUser':string, 'RequestedIp':string, 'TransactionId':string, 'ActionMethod':string, 'MessageFormat':string, 'MessageParameters':{}

We are using Windows Server 2008 R2 and Logstash version 5.5.2.


(Magnus Bäck) #2

Looks like a job for the kv filter. Use a grok filter to extract the timestamp and the loglevel (and perhaps the logger name) into discrete fields and stuff the rest of the log message into a field that you feed to a kv filter.
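
The grok-then-kv approach suggested in the reply above, written out as a Logstash filter block. This is an added example and not part of the original thread. The field names `timestamp`, `loglevel`, `logger`, `kvpairs` and the `app` target are assumptions, and it assumes that no value contains a comma.

```logstash
# Added example. Matches the line format shown in post #1, e.g.
#   2017-08-29 14:49:28 INFO Logger:? - 'ApplicationName':string, 'EventStatus':string, ...
filter {
  # Step 1: grok pulls out the fixed prefix and keeps the rest in one field.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel} %{DATA:logger} - %{GREEDYDATA:kvpairs}$"
    }
  }

  # Step 2: kv splits the remainder into one field per 'Key':value pair.
  if "_grokparsefailure" not in [tags] {
    kv {
      source      => "kvpairs"
      field_split => ","     # pairs are separated by commas
      value_split => ":"     # key and value are separated by a colon
      trim_key    => "' "    # strip the single quotes and the leading space
      trim_value  => "' "
      # Nest parsed keys under [app] so that text arriving in fields such as
      # UrlRequested cannot overwrite top-level fields like message or host.
      target      => "app"
    }

    # Use the timestamp from the log line as the event time.
    date {
      match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
    }

    mutate {
      remove_field => ["kvpairs"]
    }
  }
}
```

With this in place, `IsSecurityIncident`, `CurrentUser` and `RequestedIp` become the discrete fields `[app][IsSecurityIncident]`, `[app][CurrentUser]` and `[app][RequestedIp]`, which can be filtered and alerted on in Kibana.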


(viuha8) #3

Thanks for your guidance and support. Using the grok filter itself, I am able to complete this parsing task.

Also, is there any way we can monitor the SSIS Package execution log file data using ELK?


(Magnus Bäck) #4

Also, is there any way we can monitor the SSIS Package execution log file data using ELK?

Probably but I don't know anything about that kind of log.

