Windows source grok match

How do I write a grok for source in a Windows file?

My source is -- "T:\pricelinelogs\tripair\Xml.16-02-02.log"

How do I grok for "tripair" and the log file name in the source?

Since you are asking about grok, did you mean to open this in the Logstash section? The Beats don't do grok.


I have the following coming into the Logstash server as input --

"source" => "T:\pricelinelogs\tripair\airsearch.16-02-02_21.log",
[0] "_grokparsefailure"

As you see above, it says grok failure.

The grok match I have in my conf file is

match => ["source","%{DATA:home}%{WORD:logfolder}\\%{WORD:application1}\\%{GREEDYDATA:filename}.log"]

I verified this grok pattern in

I used "T:\pricelinelogs\tripair\airsearch.16-02-02_16.log" as input
%{DATA:home}%{WORD:logfolder}\\%{WORD:application1}\\%{GREEDYDATA:filename}.log as pattern and I was able to parse the fields.

My grok is able to parse the fields; however, in Logstash I am seeing a parse failure.

Can you please help me?