Request help with a grok filter pattern for date

RaviSidhu · September 20, 2016, 9:45am

Hi All,

I have a csv log file with column names and a sample record as

access_date,clientIP,Col1, Col2, Col3, Col4_uri_path, col5_referrer,col6_response, col7_hit_count,col8_referrer

'13/Jan/2016:22:57:38','111.222.333.444','String1','String2','String3, optional_substring4','substring5/substring6/substring7/substring8','','200','1',''

My grok filter is
grok {
match => { "message" => "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{IPORHOST:clientip} %``{NOTSPACE:Col1} %{NOTSPACE:Col2} %{NOTSPACE:Col3} %{URIPATHPARAM:Col4_uri_path} %``{QS:Col5_referrer} %{NUMBER:Col6_response} %{NUMBER:Col7_hit_count} %{QS:col8_referrer}" }
}

I get a [0] "_grokparsefailure" error. Could you please help me with the pattern?

Thank you for all the help.

Best regards,

magnusbaeck · September 20, 2016, 8:05pm

Why not use a csv filter to parse this CSV data?

RaviSidhu · September 26, 2016, 10:55am

Thank you! I tried using the csv filter and it worked much better. Actually I didn't know of the csv filter and I had used grok filter once before, so I stuck to grok.

Best regards,

Topic		Replies	Views
Simple parsing in logstash Logstash	8	530	April 6, 2017
Need help with the grok and the date filter for parsing logs Logstash	29	2720	July 25, 2017
CSV Filter help Logstash	4	859	July 6, 2017
Logstash Date Filter Not Recognizing the pattern Logstash	2	376	February 12, 2019
Grok regex help Logstash	2	256	August 9, 2018

Request help with a grok filter pattern for date

Related topics