Reputation: 1975
Grok logstash message without patterns file
I would like to know if it's possible to grok message with logstash without using an external patterns file and directly write my pattern in my config:
For example, now it's works like this :
input {
stdin{
}
}
filter {
grok {
patterns_dir => "./patterns"
match => ["message","%{PATTERNFILE:test}"]
}
}
output {
stdout {codec => rubydebug}
}
I have a file in a patterns folder with the following content :
PATTERNFILE .*
But I would like to directly write my pattern in the filter like this :
filter {
grok {
patterns_dir => "./patterns"
match => ["message","%{.*:test}"]
}
}
But it's not working.
Upvotes: 0
Views: 7213
Answers (3)
Reputation: 65
For using patterns_dir you should use full path /etc/logstash/conf.d/patterns/dns_domain for example:
grok {
patterns_dir => "/etc/logstash/conf.d/patterns/dns_domain"
match => { "Unparsed DNS Domain" => "%{BRACKETS:b1}%{META_INF:m1}" }
}
Where dns_domain file contains custom patterns. for example:
BRACKETS \(\d+\)
META_INF [0-9A-Za-z\s\-_]+
~
~
Upvotes: 1
Reputation: 1975
To directly write a pattern in the config file without having an exernal patterns file, the solution is:
filter {grok{ match => ["message", "(?<test>.*)"]}}
The method is described at http://logstash.net/docs/1.4.2/filters/grok in section "Custom patterns"
Upvotes: 8
Related Questions
- Finding grok pattern for Log file
- A complicated logstash pattern in Grok
- grok pattern for log event
- logstash grok Capturing repeating pattern
- what will be the Grok pattern for this custom log pattern?
- Grok Pattern not working in Logstash
- Custom Grok Pattern for logs
- DATA pattern in logstash - grok
- Logstash grok pattern issue
- Logstash Grok Pattern