Syntax in filter Error log

juuuhuuu · February 14, 2020, 12:08pm

Hi

I am a bit struggling with the syntax in logstash. I would like to filter Log Level -Error.
In my .log I have something like timestamp applicationtest.Error messsage. Is it possible that i my errorlog I will see applicationtest.Error or just ERROR

I am using Grok filter:

grok{
match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level}-%{GREEDYDATA:message}"}
}

but I can not see the Error log.

Thank You

andres-perez · February 14, 2020, 12:45pm

Hi,

please add examples of the exact log lines that you are using as input and the expected results that you want.

Probably some tests in https://grokdebug.herokuapp.com/ will help you to get your match patterns right.

juuuhuuu · February 14, 2020, 1:11pm

Thank you for your reply.

juuuhuuu · February 14, 2020, 1:42pm

log lines is : [2020-01-03 11:16:50] applicationtest.ERROR: message ahoj jak se mas

Badger · February 14, 2020, 4:51pm

You could dissect that

dissect { mapping => { "message" => "[%{timestamp}] %{something}.%{loglevel}: %{errormessage}" } }

juuuhuuu · February 15, 2020, 3:23pm

thank You very much .. ill try it

system · March 14, 2020, 3:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with coding Grok filter Logstash	5	1014	July 5, 2017
How to filter only error from log file Logstash	10	17017	July 7, 2017
Using logstash, How to filter Errors only from logs? Logstash	10	15152	November 4, 2022
Passing only loglevel ERROR FROM LOG USING GROK FILTRATION Logstash	7	362	November 25, 2020
Python log Logstash grok filter Logstash	4	3516	March 22, 2018

Syntax in filter Error log

Related topics