Need some support to create custom grok filter to parse the log file

Need some advice to create a custom grok filter in order to parse an application-specific log.

Our log format looks like

2017-08-29 14:49:28 INFO Logger:? - 'ApplicationName':string, 'EventStatus':string, 'SeverityLevel':string, 'EventTime':string, 'ErrorDescription':string, 'ErrorCode':string, 'IsSecurityIncident':string, 'UrlRequested':string, 'MethodName':string, 'CurrentUser':string, 'RequestedIp':string, 'TransactionId':string, 'ActionMethod':string, 'MessageFormat':string, 'MessageParameters':{}

We are using Windows Server 2008 R2 OS and Logstash version 5.5.2.

Looks like a job for the kv filter. Use a grok filter to extract the timestamp and the loglevel (and perhaps the logger name) into discrete fields and stuff the rest of the log message into a field that you feed to a kv filter.
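The two-stage approach suggested in the reply above, written out as a Logstash filter section. This is an added example, not a configuration posted by anyone in this thread. The field name `kvpairs`, the tag name and the `"true"` value tested for `IsSecurityIncident` are assumptions, and `trim_key`/`trim_value` are the option names in current kv filter releases, so check them against the plugin version bundled with your Logstash.

```logstash
filter {
  # Stage 1: grok extracts the fixed prefix (timestamp, level, logger name)
  # and keeps everything after " - " in one field for the kv filter.
  # "kvpairs" is a hypothetical field name chosen for this example.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel} %{NOTSPACE:logger} - %{GREEDYDATA:kvpairs}"
    }
  }

  # Use the time written in the log line as the event's @timestamp.
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
  }

  # Stage 2: kv splits the 'Key':value pairs.
  # Pairs are separated by "," and key/value by the first ":".
  # A value that itself contains a comma (for example a free-text
  # ErrorDescription) will be cut at that comma, so check real samples.
  kv {
    source       => "kvpairs"
    field_split  => ","
    value_split  => ":"
    trim_key     => "' "   # strip the quotes and padding around key names
    trim_value   => "' "   # same for values, if they are quoted
    remove_field => ["kvpairs"]
  }

  # Assumption: IsSecurityIncident carries the literal string "true".
  # Tagging these events makes them easy to route or alert on later.
  if [IsSecurityIncident] == "true" {
    mutate { add_tag => ["security_incident"] }
  }
}
```

Events that do not match the grok pattern are tagged `_grokparsefailure` by default, which is worth watching for so that malformed lines are not silently dropped from analysis.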

Thanks for your guidance and support. Using the grok filter itself, I am able to complete this parsing task.

Also, is there any way we can monitor the SSIS package execution log file data using ELK?


Probably, but I don't know anything about that kind of log.
