Hi, I have situation where two different formats end up in the same log file.
I have the standard log4j format and that parses fine. But I also get google glog format.
The glog looks like:
I0807 19:07:40.477815 13465 checker_process.cpp:972] HTTP health check for task 'auth-api-stg-raange.c1681d01-95c2-11e8-818f-1a706db5e5af' returned: 200
The log4j pattern works as the message does not get tagged as _grokparsefailure.
This is the filter I'm using
grok {
patterns_dir => "patterns/"
match => {
"message" =>
[
"%{TIMESTAMP_ISO8601:log_timestamp} [%{NOTSPACE:thread}] %{LOGLEVEL:log_level} * (?[A-Za-z0-9$_.]+) - %{GREEDYDATA:log_message}",
"%{LOGLEVEL:log_level}%{TIMESTAMP_GLOG:log_timestamp} %{GREEDYDATA:log_message}"
]
}
}
GLOG pattern is defined as:
TIMESTAMP_GLOG %{MONTHNUM}%{MONTHDAY} %{TIME}