Read Particular line from log File

Hi,

I have to read 3 different lines from log files based on some text and then output the fields in a csv file.

Sample log data:

20110607 095826 [.] !! Begin test. Script filename/text.txt
20110607 095826 [.] Full path: filename/test/text.txt
20110607 095828 [.] FAILED: Test Failed()..

I have to read the file name after !!Begin test. Script. This is my conf file:

input {
  beats {
    port => 5443
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
    type => "og"
  }
}

filter {
  if [type] == "log" {
    grok {
      match => {"message" => "%{BASE10NUM:Date}%{SPACE:pat}%{BASE10NUM:Number}%{SPACE:pat}[.]%{SPACE:pat}%{SPACE:pat}!! Begin test. Script%{SPACE:pat}%{GREEDYDATA:file}"}
      overwrite => ["message"]
    }

    if "_grokparserfailure" in [tags] {
      drop{}
    }
  }
}

output {
  file {
    path => "/output/logstash/File12.txt"
    codec => "json"
  }

  stdout { codec => "json" }
}

But it's not giving me a single record; it's parsing the full log file in JSON format with no parsed field.

Please advise. I think I am missing some basic concept of Logstash.

Thanks
Richa

Hi,

The issue has been resolved; grok does not read the %{SPACE} pattern.

New grok pattern:

{"message" => "%{BASE10NUM:Date} %{BASE10NUM:Number} !! Begin test. Script%{GREEDYDATA:file}"}

Now I am getting the exact output.

Thanks
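An added example, not part of the thread: a small grok-to-regex expander in Python for testing a pattern against the sample lines offline before deploying it to Logstash. The helper names `grok_to_regex` and `grok` and the simplified BASE10NUM, SPACE and GREEDYDATA definitions are assumptions made for this sketch.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: the real
# BASE10NUM also accepts signs and decimals, which this log does not need).
GROK = {"BASE10NUM": r"[0-9]+", "SPACE": r"\s*", "GREEDYDATA": r".*"}

def grok_to_regex(pattern):
    """Expand %{NAME} and %{NAME:field} into a Python regex."""
    seen = set()
    def expand(m):
        name, field = m.group(1), m.group(2)
        # Python rejects duplicate group names, so only the first use of a
        # field (here "pat") becomes a named capture.
        if field and field not in seen:
            seen.add(field)
            return f"(?P<{field}>{GROK[name]})"
        return f"(?:{GROK[name]})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))

def grok(pattern, line):
    """Return captured fields, or the tag Logstash sets when grok fails."""
    m = grok_to_regex(pattern).search(line)  # grok patterns are unanchored
    return m.groupdict() if m else {"tags": ["_grokparsefailure"]}

# Sample lines from the post.
LINES = [
    "20110607 095826 [.] !! Begin test. Script filename/text.txt",
    "20110607 095826 [.] Full path: filename/test/text.txt",
    "20110607 095828 [.] FAILED: Test Failed()..",
]

# Pattern as posted: a bare [.] is a character class matching one literal dot.
POSTED = ("%{BASE10NUM:Date}%{SPACE:pat}%{BASE10NUM:Number}%{SPACE:pat}[.]"
          "%{SPACE:pat}%{SPACE:pat}!! Begin test. Script%{SPACE:pat}%{GREEDYDATA:file}")
# Same pattern with the brackets and dot escaped so they match the text "[.]".
ESCAPED = POSTED.replace("[.]", r"\[\.\]")

if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("escaped", ESCAPED)):
        for line in LINES:
            print(name, grok(pat, line))
```

Lines that do not match carry the `_grokparsefailure` tag, which is the spelling a `drop {}` conditional has to test for.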
