Hi
I'm trying to parse a logline in grok but I can't get past the thread number in my log lines.
Example logline:
428 31/05/2017 08:11:53.243 T[63] INFO Service.Internal.ReturnUserType INTERNAL\test_cf --+End of method
My grok till this issue
%{NUMBER:linenumber} (?<datestamp>%{MONTHDAY}/%{MONTHNUM}/%{YEAR} %{TIME})
I tried for example (?<thread>T[%{NUMBER}]) but this doesn't work.
What am I doing wrong? Thanks in advance!
Found the solution. I had to escape the brackets.
So the following grok fixed it for me:
(?<thread>T\[%{NUMBER}\])
I suppose [ and ] is a special charater, jsut escape it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.