I am having a grok issue. I have a log like below:
Login Success [user: jsaver] [Source: 10.110.20.58]
How can I parse this log with the grok filter?
Here is an example to show how it works.
Sample Data - Login Success [user: jsaver] [Source: 10.110.20.58]
Pattern - %{DATA:action} %{DATA:outcome} \[user: %{USERNAME:user}\] \[Source: %{IPV4:source}\]
Result
{
  "action": "Login",
  "source": "10.110.20.58",
  "user": "jsaver",
  "outcome": "Success"
}
Thanks for the reply.
Is it possible to parse action and outcome together?
like "action": "Login Success"
Pattern
(?<action>%{WORD} %{WORD}) \[user: %{USERNAME:user}\] \[Source: %{IPV4:source}\]
Result
{
  "action": "Login Success",
  "source": "10.110.20.58",
  "user": "jsaver"
}
thanks
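An added example, not part of the original thread and not Elastic's code: a small Python harness that expands the second pattern from the thread into a regular expression, so it can be checked offline against lines it should and should not match before it is deployed. The `GROK` table, `grok_to_regex` and `parse` are hypothetical names, the pattern definitions are simplified stand-ins for the stock grok ones, and every sample line except the first is constructed.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: close to,
# not copied from, the patterns shipped with Logstash).
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
GROK = {
    "WORD": r"\b\w+\b",
    "DATA": r".*?",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "IPV4": r"(?<!\d)" + r"\.".join([OCTET] * 4) + r"(?!\d)",
}

def grok_to_regex(pattern):
    """Expand %{NAME} / %{NAME:field} and (?<f>...) into Python re syntax."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = GROK[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    expanded = re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern)
    # (?<name>...) -> (?P<name>...); lookbehinds (?<! and (?<= are left alone
    return re.compile(re.sub(r"\(\?<(?![!=])", "(?P<", expanded))

# Second pattern from the thread, unchanged.
THREAD_PATTERN = (r"(?<action>%{WORD} %{WORD}) \[user: %{USERNAME:user}\] "
                  r"\[Source: %{IPV4:source}\]")
REGEX = grok_to_regex(THREAD_PATTERN)

def parse(line):
    """Return the extracted fields, or None where Logstash would tag
    the event with _grokparsefailure."""
    m = REGEX.search(line)  # grok matches unanchored, like re.search
    return m.groupdict() if m else None

# Constructed sample lines; only the first one comes from the thread.
SAMPLES = [
    "Login Success [user: jsaver] [Source: 10.110.20.58]",
    "Login Failure [user: jsaver] [Source: 10.110.20.58]",
    "Login Success [user: j saver] [Source: 10.110.20.58]",  # space in user
    "Login Success [user: jsaver] [Source: 10.110.20.999]",  # invalid octet
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```

Lines that return `None` here are the ones to route and review via the `_grokparsefailure` tag in Logstash rather than drop, since an authentication event that fails to parse is invisible to any alert keyed on `user` or `source`.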