Need some support to create custom grok filter to parse the log file

viuha8 · September 2, 2017, 4:30pm

Need some advice to create custom grok filter inorder to parse application specific log.

Our log format looks like

2017-08-29 14:49:28 INFO Logger:? - 'ApplicationName':string, 'EventStatus':string, 'SeverityLevel':string, 'EventTime':string, 'ErrorDescription':string, 'ErrorCode':string, 'IsSecurityIncident':string, 'UrlRequested':string, 'MethodName':string, 'CurrentUser':string, 'RequestedIp':string, 'TransactionId':string, 'ActionMethod':string, 'MessageFormat':string, 'MessageParameters':{}

We are using windows server 2008 R2 OS and Logstash 5.5.2 version.

magnusbaeck · September 3, 2017, 6:46pm

Looks like a job for the kv filter. Use a grok filter to extract the timestamp and the loglevel (and perhaps the logger name) into discrete fields and stuff the rest of the log message into a field that you feed to a kv filter.

viuha8 · September 7, 2017, 3:27pm

thanks for your guidance and support. Using Grok filter itself , i am able to complete this parsing task.

Also is there any way we can monitor the SSIS Package execution log file data using ELK.

magnusbaeck · September 8, 2017, 6:08am

Also is there any way we can monitor the SSIS Package execution log file data using ELK.

Probably but I don't know anything about that kind of log.

system · October 6, 2017, 6:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok Custom filter Logstash	4	360	November 7, 2018
Custom log file Filtering Logstash	4	450	March 7, 2018
Custom logging format Logstash	2	510	July 6, 2017
Grok filter for log4j logs inorder to parse messages from logs Logstash	5	8972	February 22, 2017
Custom grok filter Logstash	4	254	September 20, 2021

Need some support to create custom grok filter to parse the log file

Related topics