I've two layouts one is error layout.in this layout have two additional fields like.requestUrl and requestmethod.
the second one is common layout which is for warn,debug,info log levels.
i've also added userId which is in format of GUID
.
you can see in log `AuthID:soemthing guid. i want to add userId field with use of grok.
but when used grok for userId it don't taking and also not creating a field.
What should it pattern will be?
here is log
2020-10-16 11:11:06.2668 18524 ERROR FinanceAPI.Controllers.TransactionController 192.168.43.244 http://bhavin/Transactions POST Invalid LedgersFinanceAPI.Execptions.InvalidDataException: Invalid Ledgers
at FinanceAPI.Controllers.TransactionController.Insert(Transaction tx) in D:\Git\finance.api\FinanceAPI\Controllers\TransactionController.cs:line 69 at FinanceAPI.Controllers.TransactionController.Insert(Transaction tx) in D:\Git\finance.api\FinanceAPI\Controllers\TransactionController.cs:line 69 AuthID:1dfae3d2-258d-42d4-802e-c39a751574e3
and this is the grok pattern
if [fields][log_type] == "finance"
{
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{INT:processId} %{LOGLEVEL:level} %{DATA:logger} %{IPV4:clientIp} %{GREEDYDATA:message}"}
overwrite => "message"
}
if [message] =~ "^http:" {
grok {
match => { "message" => "%{URI:requestUrl} %{WORD:requestMethod} %{GREEDYDATA:message}" }
overwrite => "message"
}
}
if [message] =~ "^AuthID:" {
grok {
match => { "message" => "%{UUID:UserId}" }
overwrite => "message"
}
}
}