Please, I need help with grok patterns

Badger · February 6, 2020, 8:24pm

When I run

input { generator { count => 1 lines => [ 'Output: Export (1)
Export name: test123
Export file format: salesforce
Amount requested: 1

Last balance: 43087128
Current balance: 43087127

Searched fields and terms:
    Identifiers: 04475444000129



' ] } }
filter {
    grok {
        match => {
            "message" => "Output: %{DATA:output}\\nExport name: %{DATA:export_name}\\nExport file format: %{DATA:export_file_format}\\nAmount requested: %{DATA:amount_requested}\\n\\nLast balance: %{DATA:last_balance}\\nCurrent balance: %{DATA:current_balance}\\n\\nSearched fields and terms: %{DATA:search}\\n\\tIdentifiers: %{DATA:identifiers}\\n%{GREEDYDATA}"
        }
    }
}
output { stdout { codec => rubydebug { metadata => false } } }

It works fine for me...

       "identifiers" => "04475444000129",
"export_file_format" => "salesforce",
       "export_name" => "test123",

etc. I suggest you read this.

Topic		Replies	Views
Grok pattern OK in debugger, but parse failure in logstash Logstash	5	739	March 25, 2020
_grokparsefailure but grok debugger looks good Logstash	18	2815	August 19, 2021
_grokparsefailure inspite of working well with grok debugger Logstash	10	1767	May 4, 2019
Grok on logstash not working, but working on grokdebugger Logstash	2	641	February 5, 2018
GROK: help with pattern Logstash	4	257	June 17, 2021

Please, I need help with grok patterns

Related topics