Regex Pattern to fetch field from message

Hi Team,
I'm trying to fetch some key fields from my message and I need a pattern to match the exact keyword.

I need a matching pattern for UserID and User agent.

[INFO ] 2022-12-05 17:20:45:409 Logger - 365 Service Request: <mark>UserID</mark>: 115329, UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-A600FN Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/107.0.5304.105 Mobile Safari/537.36 [edgeConnectSmartHybrid], sessionId: _kQVyP0iodE4jj8KJumr6Wd7C59X0FsVpZoE9j22, ipAddress: xx.xx.xx.xx, serverId: 1-1, Invoking method: getHasAccountForROIFunctions on object, class:Customer

Assuming that you are looking for a base 10 number and an irregular text string respectively, this grok works for your given sample:

grok {
  # userId: a base 10 number, or empty; userAgent: everything up to ", sessionId"
  match => { "message" => "\A%{GREEDYDATA}UserID</mark>: (?<userId>%{BASE10NUM}|), UserAgent: (?<userAgent>%{GREEDYDATA}), sessionId%{GREEDYDATA}\Z" }
}

You can play around with your data on some grok tester like https://grokconstructor.appspot.com/do/match.
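The pattern from the reply above, rewritten as a plain Ruby (Onigmo) regex so it can be checked offline; this is an added example, not part of the original reply. Assumptions: GREEDYDATA is expanded to `.*`, the number pattern is simplified to `\d+` (IDs are unsigned decimal integers), the `</mark>` tag is made optional because it may be absent from the raw log, and `extract_fields` is a hypothetical helper name.

```ruby
# Plain-regex equivalent of the grok expression (added example).
# GREEDYDATA -> .*   number pattern -> \d+ (assumption: unsigned decimal IDs)
# "</mark>" is optional here (assumption: it may not exist in the raw log line).
LOG_FIELDS = %r{\A.*UserID(?:</mark>)?: (?<userId>\d+|), UserAgent: (?<userAgent>.*), sessionId.*\Z}

# Returns the two captured fields, or nil when the line does not match
# (the case in which Logstash would tag the event with _grokparsefailure).
def extract_fields(line)
  m = LOG_FIELDS.match(line.chomp)
  return nil unless m
  { "userId" => m[:userId], "userAgent" => m[:userAgent] }
end

# Sample line as posted in the question.
SAMPLE = '[INFO ] 2022-12-05 17:20:45:409 Logger - 365 Service Request: <mark>UserID</mark>: 115329, UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-A600FN Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/107.0.5304.105 Mobile Safari/537.36 [edgeConnectSmartHybrid], sessionId: _kQVyP0iodE4jj8KJumr6Wd7C59X0FsVpZoE9j22, ipAddress: xx.xx.xx.xx, serverId: 1-1, Invoking method: getHasAccountForROIFunctions on object, class:Customer'

# Constructed lines: an empty UserID (the "|" branch) and an unrelated log line.
EMPTY_ID = '[INFO ] 2022-12-05 17:20:46:001 Logger - 365 Service Request: UserID: , UserAgent: curl/8.0, sessionId: abc, ipAddress: xx.xx.xx.xx'
NO_MATCH = '[INFO ] 2022-12-05 17:20:47:002 Logger - 12 Service started on port 8080'

if __FILE__ == $PROGRAM_NAME
  [SAMPLE, EMPTY_ID, NO_MATCH].each do |line|
    fields = extract_fields(line)
    puts(fields ? fields.inspect : "no match: #{line[0, 60]}...")
  end
end
```

Because the user agent capture is greedy, it runs up to the last `, sessionId` in the line, so the commas and parentheses inside the user agent string stay in one field.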
