Parse multi line application log

Elastic Stack Logstash
1

Hello all,
I am new for elk stack. I try to parsing application using grok -> using grok debugger for creating grok pattern but on grok debugger is alert me about miss match.

the my log pattern is outlined below

[2019-01-14 00:20:55] :high: AApi.INFO: *HTTP 200:* GET https://uat-api.mycom.tech/v2/id/1-208991585 \*Response Body:\* \``{"firstName":{"en":"air","th":"air"},"lastName":{"en":"STAGING","th":"STAGING"},"DateNo":"2011010003434345","totalBP":18945,"eBP":0,"eBPY":0,"eP":18945,"eDate":"2020-12-31"}```

[2019-01-14 00:20:55] :memo: BApi.INFO: HTTP 200: GET https://uat-api.mycom.tech/v2/id/5-212132135
*Response Body:*
{"firstName":{"en":"air","th":"air"},"lastName":{"en":"STAGING","th":"STAGING"},"DateNo":"2011010003434345","totalBP":18945,"eBP":0,"eBPY":0,"eP":18945,"eDate":"2020-12-31"}
*Response Body:*
```{"firstName":{"en":"air","th":"air"},"lastName":{"en":"STAGING","th":"STAGING"},"DateNo":"2011010003434345","totalBP":18945,"eBP":0,"eBPY":0,"eP":18945,"eDate":"2020-12-31"}```

[2019-01-14 00:20:55] :low: CApi.INFO: HTTP 200: GET https://uat-api.mycom.tech/v2/id/5-212132135
*Response Body:*
```{"firstName":{"en":"air","th":"air"}```

[2019-01-14 00:20:55] :error: DApi.INFO: HTTP 200: GET https://uat-api.mycom.tech/v2/id/5-212132135
*Response Body:*
`````` `

My pattern that I creating in grok debugger is outline below

%{DATESTAMP:timestamp} :%{WORD:loglevel}: %{JAVACLASS}: \*%{WORD:protocol} %{Number:retcode}:\* %{WORD:method} %{URI}\S\*Response Body:\*\S\'\'\'%{WORD:msg}\'\'\' (\[(%{WORD:msg})?\])+

Regards

2

It is impossible to read your log format if you do not use the right markdown. Please edit your post, select the log entries, and click on </> in the toolbar above the edit panel.

3

Hello,
I finish to fix my post :slight_smile:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.