Parsing of dates is done after you split your input message into fields:
I still would strongly advise you to use the json filter to parse the json message in the input:
You get all your fields for free (instead of manually parsing them via grok:
filter {
json {
source => "cutJsonMessage"
}
}
what will cutJsonMessage do?
will it give the output as
txn_no FT23217XT7DM
txn_channel AGENT
debit_account_number
credit_account_number
??
cutJsonMessage is a field you should create via grok parsing - something similar like:
match => { "message" => '^\[%{LOGLEVEL}\].*\[%{GREEDYDATA:cutJsonMessage }\]$' }
json {
source => "cutJsonMessage"
}
As indicated multiple times, it will split your message in fields..
working...thanks chouben 
and if I want to add filters in multiple log files ..then what will be the syntax
input {
beats {
port => 5044
}
}
filter {
if "/var/log/BAOBABAPIModule.log" in [log][file][path] {
grok {
match => { "message" => '^%{GREEDYDATA}"Status":"%{WORD:Status}"%{GREEDYDATA}$' }
}
grok {
match => { "message" => '^%{GREEDYDATA}"TransactionNumber":"%{NUMBER:TransactionNumber}"%{GREEDYDATA}$' }
}
}
currently using this
I give up.. You are not even trying the solution suggested. We are +- 50 messages further.
I suggest you try "google" or search this forum 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.