What is the best way to parse a log file which has sections that I need to remember when reading following lines?

andr_eas · August 5, 2015, 1:57pm

Hi everybody,

I'm working on project where I need to parse a log file that is optimized for human consumpion and therefore difficult to parse. It looks like follows

[NODE]-----[DESCRIPTION]-----[DATE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[NODE]-----[DESCRIPTION]-----[DATE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]
[TIME] [PROCESS] [INFORMATION] [OTHERNODE]

[NODE] and [DATE] refer to each of the following lines of the section.

I want to visualize this in Kibana in a way, that allows to link [NODE] and [OTHERNODE]. Apart from that I obviously need to combine [DATE] and [TIME] to create a unique timestamp.

What is the best way to do this in Logstash?

Kind regards and thanks in advance,
Andreas

Topic		Replies	Views
Logstash - complicated parsing, can logstash remember states? Logstash	3	347	November 14, 2018
Parsing problem when streaming a log file Kibana	27	308	December 29, 2023
If a single log file has data in different sections and each section is in a different format then how to parse it using logstash Logstash	3	729	January 24, 2018
Log file's timestamp instead of kibana default timestamp Kibana	9	1506	August 21, 2019
Combining information from different blocks of information of the same logfile Kibana	3	414	October 26, 2018

What is the best way to parse a log file which has sections that I need to remember when reading following lines?

Related topics