Windows source grok match


(Sd Karthik) #1

How do I write a grok for the source in a Windows file?

My source is -- "T:\pricelinelogs\tripair\Xml.16-02-02.log"

How do I grok for "tripair" and the log file name in the source?


(Tudor Golubenco) #2

Since you are asking about grok, did you mean to open this in the Logstash section? The Beats don't do grok.


(Sd Karthik) #3

Hi,

I have the following coming into the Logstash server as input --

"source" => "T:\pricelinelogs\tripair\airsearch.16-02-02_21.log",
[0] "_grokparsefailure"

As you see above, it says grok failure.

The grok match I have in my conf file is:

match => ["source","%{DATA:home}%{WORD:logfolder}\\%{WORD:application1}\\%{GREEDYDATA:filename}.log"]

I verified this grok pattern in https://grokdebug.herokuapp.com/

I used "T:\pricelinelogs\tripair\airsearch.16-02-02_16.log" as input
and
%{DATA:home}%{WORD:logfolder}\\%{WORD:application1}\\%{GREEDYDATA:filename}.log as the pattern, and I was able to parse the fields.

My grok is able to parse the fields; however, in Logstash I am seeing a parse failure.

Can you please help me?

