Parsing Console Logs

Elastic Stack Logstash
1

Hi, i need to parse some logs from a console. and as it is shown next the log message is not uniforme.
and what i need to grok is the last message for example: " --> Wrapper Started as Console".

  STATUS | wrapper  | main    | 2016/03/06 19:30:45.531 | --> Wrapper Started as Console
  STATUS | wrapper  | main    | 2016/03/06 19:30:45.687 | Java Service Wrapper Standard Edition 64-bit 3.5.24
  STATUS | wrapper  | main    | 2016/03/06 19:30:45.687 |     http://wrapper.tanukisoftware.com

is there a way to grok the rest of line? because the first part of the line is uniform so i can make a specific grok format.

Thank you , i really need an answer.

1 Like
2

One typically uses the GREEDYDATA pattern which matches everything.

For this particular log you might be able to use a csv filter instead of grok. Probably easier to configure and almost certainly faster.

1 Like