To grok or not to grok?

(John Swift) #1

Looking for some advice from the Elastic community.
I need to parse the following log entry into separate fields.
My initial thought was to try and write a grok pattern, as the structure is the same for each log entry, but I'm wondering if there is a better way, as the source logs are in XML format.

<m n="-1" p="Unknown" c="-1" d="10:20:28.161" u="-1" t="LiveNode" i="-1.1" s="70">
org.springframework.ldap.CommunicationException: xxxxxxxx:636; nested exception is javax.naming.CommunicationException: xxxxxxxxxx:636 [Root exception is PKIX path building failed: unable to find valid certification path to requested target]

(Steffen Siering) #2

Looks like you need to enable multiline support. Logstash also has an XML filter. Personally I'd always prefer a proper parser over grok (which is based on regular expressions).
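The two steps suggested above (reassemble the multi-line event, then hand it to a real XML parser instead of a regex) as an added Python example, not code from the original thread. It assumes each event is closed by a `</m>` tag, which the excerpt in the question does not show, and the second event in the sample is constructed to have reordered attributes and an XML entity, the cases where a position-based grok pattern would break.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List

# Constructed sample in the layout shown in the question. The closing </m>
# is an assumption (the quoted excerpt stops before it). The second event
# reorders the attributes and contains an &amp; entity on purpose.
SAMPLE_LOG = """\
<m n="-1" p="Unknown" c="-1" d="10:20:28.161" u="-1" t="LiveNode" i="-1.1" s="70">
org.springframework.ldap.CommunicationException: xxxxxxxx:636; nested exception is javax.naming.CommunicationException: xxxxxxxxxx:636 [Root exception is PKIX path building failed: unable to find valid certification path to requested target]
</m>
<m d="10:20:29.004" t="LiveNode" n="-1" p="Unknown" c="-1" u="-1" i="-1.2" s="40">
Retrying bind to ldaps://xxxxxxxx:636 &amp; falling back to cached credentials
</m>
"""


def group_events(lines: Iterable[str]) -> List[str]:
    """Reassemble multi-line events: a line that does not open a new <m ...>
    element belongs to the previous event. This is the same rule as the
    Logstash multiline codec with pattern "^<m ", negate => true,
    what => "previous"."""
    events: List[List[str]] = []
    for line in lines:
        if line.startswith("<m ") or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return ["\n".join(ev) for ev in events]


def parse_event(event: str) -> Dict[str, str]:
    """Parse one <m ...>...</m> event with a real XML parser. Every attribute
    becomes a field regardless of its position, and entities such as &amp;
    are decoded, neither of which a fixed grok pattern gives you for free."""
    text = event.strip()
    if not text.endswith("</m>"):  # tolerate an event cut off before </m>
        text += "</m>"
    elem = ET.fromstring(text)
    fields = dict(elem.attrib)
    fields["message"] = (elem.text or "").strip()
    return fields


def parse_log(raw: str) -> List[Dict[str, str]]:
    """Split a raw log into events and parse each one into a field dict."""
    return [parse_event(ev) for ev in group_events(raw.splitlines())]


if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec)
```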

(system) closed #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.