I'm having issues with pattern matching with Logstash.
Sample log pattern
[DEBUG] 2021-09-13T23:58:24.361 [http-nio-8080-exec-1] [FB-3D] localhost - [i.i.i.a.f.AuthFilter] :: doFilter :: formName B-3D
Grok Pattern that works
\s?\[%{DATA:loglevel}\] %{TIMESTAMP_ISO8601:logts} \[%{DATA:threadname}\] \[?%{DATA:formname}\] %{DATA:podname} %{DATA:filler1} \[%{DATA:classname}\] %{GREEDYDATA:fullmesg}
For the sample log mentioned above, the above grok pattern works fine. But I have some log files where the fourth field does not exist 'not even the empty . I want to know how to handle the same.
Sample log (which is not working using the above pattern)
[DEBUG] 2021-09-13T23:58:22.633 [http-nio-8080-exec-1] localhost - [i.i.i.a.f.AuthFilter] :: Requested going to check the
In the above case, the fourth field [?%{DATA:formname}] does not exist. With the optional condition included in the above grok pattern for formname, it still does not work. It expects the presence of an empty field. Is there a way to make the 4th field optional? I.e. a pattern to accommodate even if the field does not exist.
Any help on this is much appreciated.
Thanks in advance
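Added example, not part of the original post: wrapping the brackets, the field and its trailing space in one optional non-capturing group, `(?:\[%{DATA:formname}\] )?`, lets the same grok pattern match both sample lines. The Python below expands the grok macros into plain regex to check this offline; the `GROK` table, helper names and the simplified timestamp definition are assumptions for illustration, not Logstash's own definitions.

```python
import re

# Simplified stand-ins for the grok definitions this page uses (assumption:
# Logstash's real TIMESTAMP_ISO8601 accepts more timestamp variants).
GROK = {
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?",
}

HEAD = r"\s?\[%{DATA:loglevel}\] %{TIMESTAMP_ISO8601:logts} \[%{DATA:threadname}\] "
TAIL = r"%{DATA:podname} %{DATA:filler1} \[%{DATA:classname}\] %{GREEDYDATA:fullmesg}"

# Pattern from the post: only the opening bracket is optional, so a closing
# "] " is still required right after the thread name.
ORIGINAL = HEAD + r"\[?%{DATA:formname}\] " + TAIL
# Added variant: brackets, field and trailing space form one optional group.
OPTIONAL = HEAD + r"(?:\[%{DATA:formname}\] )?" + TAIL

def grok_to_regex(pattern):
    """Expand %{NAME:field} into a named capture group."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

def parse(pattern, line):
    """Return the captured fields, or None when the line does not match."""
    m = grok_to_regex(pattern).match(line)
    if m is None:
        return None
    # Drop groups that did not participate (the skipped optional field).
    return {k: v for k, v in m.groupdict().items() if v is not None}

# The two sample lines from the post.
WITH_FORM = ("[DEBUG] 2021-09-13T23:58:24.361 [http-nio-8080-exec-1] [FB-3D] "
             "localhost - [i.i.i.a.f.AuthFilter] :: doFilter :: formName B-3D")
WITHOUT_FORM = ("[DEBUG] 2021-09-13T23:58:22.633 [http-nio-8080-exec-1] "
                "localhost - [i.i.i.a.f.AuthFilter] :: Requested going to check the")

if __name__ == "__main__":
    for line in (WITH_FORM, WITHOUT_FORM):
        print(parse(ORIGINAL, line))
        print(parse(OPTIONAL, line))
```

In a Logstash grok filter the `OPTIONAL` string is used as the match pattern as-is; lines without the fourth field then parse without a `formname` field instead of failing the whole match.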