Read Particular line from log File

richagautam · June 21, 2017, 9:45am

Hi ,

I have to read 3 different lines from log files based on some text and then output the fields in a csv file.

sample log data:-

20110607 095826 [.] !! Begin test. Script filename/text.txt
20110607 095826 [.] Full path: filename/test/text.txt
20110607 095828 [.] FAILED: Test Failed()..

i have to read file name after !!Begin test. Script. this is my conf file

input
{
beats{

port => 5443
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
type => "og"
}

}

filter {
if [type] == "log" {

grok

{
match => {"message" => "%{BASE10NUM:Date}%{SPACE:pat}%{BASE10NUM:Number}%{SPACE:pat}[.]%{SPACE:pat}%{SPACE:pat}!! Begin test. Script%{SPACE:pat}%{GREEDYDATA:file}"}
overwrite => ["message"]
}

if "_grokparserfailure" in [tags]
{
drop{}
}
}
}

output {

file{
path => "/output/logstash/File12.txt"
codec => "json"
}

stdout { codec => "json" }
}

but its not giving me single record, its parsing full log file in json format no parsed field
.

Please advice i think i am missing some basic concept of logstash

Thanks
Richa

richagautam · June 23, 2017, 9:27am

Hi,

Issue has resolved , grok does not read %{SPACE} pattern.

new grok pattern.

{"message" => "%{BASE10NUM:Date} %{BASE10NUM:Number} !! Begin test. Script%
{GREEDYDATA:file}"}

now i am getting the exact output

Thanks

system · July 21, 2017, 9:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Read different lines of single log file having different pattern Logstash	3	563	July 21, 2017
Grok pattern to read the testname in a multiline logfile Logstash	2	560	July 6, 2017
Logstash file read basic question Logstash	3	747	July 6, 2017
Grok filter for application logs Logstash	1	327	March 12, 2018
Dynamic Parsing with Grok Logstash	6	1381	February 13, 2019

Read Particular line from log File

Related topics