Parse out Two Fields from Multiline data in Logstash coming from Filebeat


(vinay) #1

I have huge message chunks coming out of Filebeat. Each message chunk has multiple messages like the one below:

OUTPUT>
OUTPUT>===============================================
OUTPUT> HiveFilterPDO_ExternalSource
OUTPUT> Tests run: 1, Failures: 0, Skips: 0
OUTPUT>===============================================
OUTPUT>

I need to parse out, say, "HiveFilterPDO_ExternalSource" as the testcase name and "Tests run: 1, Failures: 0, Skips: 0" as a new field, Passed\Failed, if the failure is 0\1 in the text.

I am new to grok filters and not sure how to do so. Can somebody help me with this?

Thanks in advance.
Vinay


(vinay) #2

I got the reply, and below are the grok patterns that I used:
OUTPUT>=*\nOUTPUT>\s%{DATA:testcasedata}\n

Failure Case:
\sTests\srun:\s\d*,\s%{DATA:failuredata},\sSkips:\s\d*\n

Thanks
Vinay
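
The two grok patterns above, rewritten as plain Ruby regular expressions and run over a whole chunk; this is an added example, not part of the original posts. It assumes grok's `DATA` is the lazy `.*?`, uses a constructed sample (the second test name is made up), and the `parse_results` helper and the "Unknown" status are hypothetical additions.

```ruby
# Constructed sample: one multiline event holding two result blocks.
SAMPLE_EVENT = <<~LOG
  OUTPUT>
  OUTPUT>===============================================
  OUTPUT> HiveFilterPDO_ExternalSource
  OUTPUT> Tests run: 1, Failures: 0, Skips: 0
  OUTPUT>===============================================
  OUTPUT>
  OUTPUT>
  OUTPUT>===============================================
  OUTPUT> HiveJoinPDO_Sample
  OUTPUT> Tests run: 1, Failures: 1, Skips: 0
  OUTPUT>===============================================
  OUTPUT>
LOG

# The patterns from the post, with %{DATA:name} written as (?<name>.*?).
NAME_RE    = /OUTPUT>=*\nOUTPUT>\s(?<testcasedata>.*?)\n/
FAILURE_RE = /\sTests\srun:\s\d*,\s(?<failuredata>.*?),\sSkips:\s\d*\n/

# Joined into one expression so the name line must be followed directly by
# its "Tests run" line. On its own, NAME_RE can also start at a closing
# separator, because \s matches the newline after a bare "OUTPUT>".
RESULT_BLOCK = /#{NAME_RE}OUTPUT>#{FAILURE_RE}/

# Returns one hash per result block found in the event text.
def parse_results(event)
  event.scan(RESULT_BLOCK).map do |testcase, failuredata|
    count = failuredata[/\AFailures:\s(\d+)\z/, 1]
    status =
      if count.nil? then "Unknown"        # unexpected text: do not guess
      elsif count.to_i.zero? then "Passed"
      else "Failed"
      end
    { "testcase" => testcase, "failuredata" => failuredata, "status" => status }
  end
end

parse_results(SAMPLE_EVENT).each { |result| puts result }
```
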

