Hi,
Unable to parse datestamp as per the following log pattern.
[03/05/19 05:38:00:000 IST] ERROR scheduler.EDISFileReaderTask: @@ Scheduler StepNumber 3 (incoming folder is empty OR it doesn't have EXCEL files) @@
Parsing works in online grok debugger but doesn't work with the grok debugger available in kibana one.
[%{DATESTAMP} %{WORD:TimeZone}] %{WORD:LogLevel} %{DATA:JAVACLASS}: %{GREEDYDATA:message}
Anyone faced similar issue and what was their workaround.
Regards,
Nikhil
I would do that with dissect rather than grok
dissect { mapping => { "message" => "[%{timestamp} %{+timestamp} %{timezone}] %{loglevel} %{class} %{restOfLine}" } }Was able to make it work using the following grok pattern but thanks anyway.
[%{DATESTAMP:timestamp} %{WORD:TimeZone}] %{WORD:LogLevel} %{JAVACLASS:JAVACLASS}: %{GREEDYDATA:message}
Close thread...
Regards,
Nikhil
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.