Parsing IRC Logs

moep · April 1, 2024, 6:35pm

Im running an ELK-Stack in Docker and my goal is, to parse and filter my IRC logs, for learning.

2024-04-01 20:25:02     me foo
2024-04-01 20:25:46     me bar

I found some logstash related stuff on Github. I guess the input and output part is similar, but I don't understand the filter related part. Do you have maybe some suggestions? I mean it's some years old.

thx
moep

leandrojmp · April 1, 2024, 7:43pm

You can check the configuration examples from the documentation to understand how logstash works.

And then the filters documentation to see which filters are available.

How you will parse depends on what you want to do with the data and how the message looks like.

Rios · April 2, 2024, 1:17pm

Few more tips:

Do you grok Grok? | Elastic Blog
IRC grok pattern is simple: timestamp, username, message. Can be something like this: %{TIMESTAMP_ISO8601:timestamp}\s+%{NOTSPACE:username}\s+%{GREEDYDATA:ircmessage}
in your case csv and dissect are also suitable for use

Topic		Replies	Views
Logstash parsen logfiles Logstash elastic-stack-monitoring	0	235	March 28, 2021
Parse docker logs with logstash Logstash	4	1661	July 13, 2017
Unable to Parse logs using filter{} in Logstash Logstash	0	489	June 14, 2016
Grok parsing log failed! Logstash	0	1227	August 27, 2015
Parsing different messages using different filters Logstash	1	536	April 25, 2017

Parsing IRC Logs

Related topics