Request help with a grok filter pattern for date

RaviSidhu · September 20, 2016, 9:45am

Hi All,

I have a csv log file with column names and a sample record as

access_date,clientIP,Col1, Col2, Col3, Col4_uri_path, col5_referrer,col6_response, col7_hit_count,col8_referrer

'13/Jan/2016:22:57:38','111.222.333.444','String1','String2','String3, optional_substring4','substring5/substring6/substring7/substring8','','200','1',''

My grok filter is
grok {
match => { "message" => "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{IPORHOST:clientip} %``{NOTSPACE:Col1} %{NOTSPACE:Col2} %{NOTSPACE:Col3} %{URIPATHPARAM:Col4_uri_path} %``{QS:Col5_referrer} %{NUMBER:Col6_response} %{NUMBER:Col7_hit_count} %{QS:col8_referrer}" }
}

I get a [0] "_grokparsefailure" error. Could you please help me with the pattern?

Thank you for all the help.

Best regards,

magnusbaeck · September 20, 2016, 8:05pm

Why not use a csv filter to parse this CSV data?

RaviSidhu · September 26, 2016, 10:55am

Thank you! I tried using the csv filter and it worked much better. Actually I didn't know of the csv filter and I had used grok filter once before, so I stuck to grok.

Best regards,