Parsing IRC Logs

moep · April 1, 2024, 6:35pm

Im running an ELK-Stack in Docker and my goal is, to parse and filter my IRC logs, for learning.

2024-04-01 20:25:02     me foo
2024-04-01 20:25:46     me bar

I found some logstash related stuff on Github. I guess the input and output part is similar, but I don't understand the filter related part. Do you have maybe some suggestions? I mean it's some years old.

thx
moep

leandrojmp · April 1, 2024, 7:43pm

You can check the configuration examples from the documentation to understand how logstash works.

And then the filters documentation to see which filters are available.

How you will parse depends on what you want to do with the data and how the message looks like.

Rios · April 2, 2024, 1:17pm

Few more tips:

Do you grok Grok? | Elastic Blog
IRC grok pattern is simple: timestamp, username, message. Can be something like this: %{TIMESTAMP_ISO8601:timestamp}\s+%{NOTSPACE:username}\s+%{GREEDYDATA:ircmessage}
in your case csv and dissect are also suitable for use

system · April 30, 2024, 1:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parse docker logs with logstash Logstash	5	1609	August 10, 2017
Parse logs Logstash	12	3262	July 6, 2017
Filter Grok Logstash	7	523	June 4, 2018
Need help with grok filtering Logstash	16	492	September 5, 2018
Help with filtering message based on regex Logstash	3	463	April 8, 2021

Parsing IRC Logs

Related topics