I have 3 lines of logs with different structures and I am constructing a grok pattern to filter the logs. But the pattern I have isn't working. Even when I use just the timestamp pattern, it doesn't match.
[2022-10-04 21:45:27,444: INFO/MainProcess] Events of group {task} enabled by remote
[2022-10-04 21:43:06,521: ERROR/MainProcess] consumer: Cannot connect to redis://10.0.13.57:6379/0: Error 111 connecting to 10.0.13.34:6379. Connection refused..
[2022-10-04 21:45:22 +0000] [3094] [INFO] Listening at: http://0.0.0.0:8793 (3094)
I am expecting:
timestamp:
loglevel:
message:
But as I mentioned, even when I use just the timestamp pattern below to test on grokdebugger, it doesn't match for any of the logs:
This is the current pattern I have: \[%{TIMESTAMP_ISO8601:timestamp}\]\:%{LOGLEVEL:loglevel}%{WORD: class} %{SPACE}%{GREEDYDATA:logMessage}
When / If you use the date filter to convert to a date field you will need to provide matching time patterns... what this does is just extract the timestamp as a string.
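An added example, not part of the thread: the three lines from the question parsed with Python regular expressions standing in for grok patterns. It also shows what follows the timestamp in each line, which is why a pattern that expects `]` straight after the timestamp matches none of them. The regex fragments and the names `parse`, `after_timestamp`, `LAYOUT_A` and `LAYOUT_B` are assumptions of this example, not grok's own definitions.

```python
import re

# The three log lines from the question, reused here as sample input.
LINES = [
    "[2022-10-04 21:45:27,444: INFO/MainProcess] Events of group {task} enabled by remote",
    "[2022-10-04 21:43:06,521: ERROR/MainProcess] consumer: Cannot connect to "
    "redis://10.0.13.57:6379/0: Error 111 connecting to 10.0.13.34:6379. Connection refused..",
    "[2022-10-04 21:45:22 +0000] [3094] [INFO] Listening at: http://0.0.0.0:8793 (3094)",
]

# Hand-written stand-in for the timestamp (an assumption of this example,
# not grok's TIMESTAMP_ISO8601 definition).
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:,\d+)?"

# Timestamp followed directly by "]", the shape the question's pattern expects.
TS_THEN_BRACKET = re.compile(rf"^\[{TS}\]")

# Layout A: [timestamp: LEVEL/process] message
LAYOUT_A = re.compile(
    rf"^\[(?P<timestamp>{TS}): (?P<loglevel>[A-Z]+)/\w+\] (?P<message>.*)$")
# Layout B: [timestamp +zone] [pid] [LEVEL] message
LAYOUT_B = re.compile(
    rf"^\[(?P<timestamp>{TS} [+-]\d{{4}})\] \[\d+\] "
    rf"\[(?P<loglevel>[A-Z]+)\] (?P<message>.*)$")


def after_timestamp(line):
    """Return the two characters that follow the timestamp, or None."""
    m = re.match(rf"^\[{TS}", line)
    return line[m.end():m.end() + 2] if m else None


def parse(line):
    """Return timestamp/loglevel/message for either layout, or None."""
    for layout in (LAYOUT_A, LAYOUT_B):
        m = layout.match(line)
        if m:
            return m.groupdict()
    return None


if __name__ == "__main__":
    for line in LINES:
        print("bracket-after-timestamp match:", bool(TS_THEN_BRACKET.match(line)),
              "| follows timestamp:", repr(after_timestamp(line)))
        print(parse(line))
```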