Samples of grok filter

Elastic Stack Logstash
1

Hello folks,

Being new to ELK, I struggled to understand from the following sample grok filter script which reads Apache log file as shown in the picture. I want to find out from this forum if there are any good samples of grok filter for me to practice and go over them.

    filter{    	
	
	grok{
			match=>["message",'%{IPORHOST:ClientIPAddress} %{USER:userID} %{USER:Authorization} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:versionnumber}" %{NUMBER:response:int} %{NUMBER:bytesint} %{QS:aaa} %{QS:agent}']
	}	
	
	date{
		match=>["timestamp","dd/MMM/YYYY:HH:mm:ss Z"]
		locale=>en
	}
	   geoip{![2018-03-17_19-23-29|690x112](upload://eXBxvNjDgQkL4psiBhX6GJeBwml.jpg)
		   source=>"ClientIPAddress"
	     }
    }

2018-03-17_19-23-29
2018-03-17_19-23-29.jpg819×134 62.9 KB

2

Hi @jason_smith, would it help if I posted a step by step of how I approach writing a grok pattern?

3

This is a good post from @jsvd , and it links to a list of examples in github:

1 Like
4

Dan, I learnt it now. First of all I wasn't good at Regular expressions. I did a course on that Regex and I started looking at Grok. It is kind of making sense now.

Thank You and Kind regards

1 Like
5

Great, have fun and post again if you need a hand.

6

Appreciate your help and I have to say this.

This forum is awesome!!! I tried to get answers from stackoverflow.com They have tonnes or rules about what questions to ask and all. that sucks.

1 Like
7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.