Hi,
Could someone please let me know how to write a regex for the log below?
(84512) rest: Reply-Message := "Failed"
I want to filter out "Reply-Message := "Failed"". In my watcher I tried the below.
{ "regexp": { "message": "Reply-Message * Failed" } }
{ "regexp": { "message": "Reply-Message * .Failed." } }
{ "match": { "message": "Reply-Message := Failed" } }
{ "match": { "message": "Reply-Message := 'Failed' " } }
And also, how do I filter messages from a particular logfile?
    "bool": {
      "should": [
        {
          "regexp": {
            "message": "Reply-Message * .Failed."
          }
        },
        {
          "match": {
            "source": "/var/log/radius.log"
          }
        }
      ],
      "minimum_should_match": 2,
      "filter": {
        "range": {
          "@timestamp": {
            "from": "now-30s",
            "to": "now"
          }
        }
      }
    }
Could someone please help me?
Thanks.
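
Added example, not part of the original post: a small Python model of why the `regexp` attempts above find nothing when `message` is an analyzed text field (the pattern is tested against each indexed term, not the whole line), and of the phrase match that does isolate the failed reply. It assumes the standard analyzer, approximated here by `analyze`; the helper names and the second sample line are constructed for illustration, and `QUERY` is one possible watch query body under that assumption.

```python
import re

# Constructed sample lines modelled on the log line in the post.
LINES = [
    '(84512) rest: Reply-Message := "Failed"',
    '(84513) rest: Reply-Message := "Accepted"',
]


def analyze(text):
    """Rough stand-in for the standard analyzer: lowercase word tokens."""
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", text)]


def regexp_hits(pattern, text):
    """regexp query: tested against each indexed term, anchored at both ends."""
    return [t for t in analyze(text) if re.fullmatch(pattern, t)]


def phrase_hits(phrase, text):
    """match_phrase: analyzed query terms must sit at consecutive positions."""
    want, have = analyze(phrase), analyze(text)
    spans = range(len(have) - len(want) + 1)
    return any(have[i:i + len(want)] == want for i in spans)


# Assumed watch query body (one option): every clause is required, and the
# 30 second window from the post is kept.
QUERY = {
    "bool": {
        "filter": [
            {"match_phrase": {"message": "Reply-Message Failed"}},
            {"match_phrase": {"source": "/var/log/radius.log"}},
            {"range": {"@timestamp": {"gte": "now-30s", "lte": "now"}}},
        ]
    }
}

if __name__ == "__main__":
    for line in LINES:
        print(line)
        print("  regexp:", regexp_hits("Reply-Message * .Failed.", line))
        print("  phrase:", phrase_hits("Reply-Message Failed", line))
```

The terms are lowercased at index time and no single term contains a space, so a pattern such as `Reply-Message * .Failed.` can never match one; the phrase clause is analyzed the same way as the field and matches on term order instead.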