6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Logstash Grok Pattern\",\"text\":\"

I am new to logstash and trying to custom GROK one log file could some one please guide me on how to custom grok this log.

\\n\\n

Log entry:

\\n\\n

configmgr.service.configservice - revoke_app_config - Revoking config for app

\\n\\n

I want to grok it in such a way that it should populate the below fields as:

\\n\\n

PROGMODULE = configmgr.service.configservice\\nPROGBLOCK = revoke_app_config \\nACTION = Revoking config for app

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Narendra522\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","logstash",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/logstash/1","children":"logstash"}]}],["$","span","logstash-grok",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/logstash-grok/1","children":"logstash-grok"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/87a9ee12d02c022ba83bc52d17769b7f?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Narendra522","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3793656/narendra522","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Narendra522"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",167]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Logstash Grok Pattern"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I am new to logstash and trying to custom GROK one log file could some one please guide me on how to custom grok this log.

\n\n

Log entry:

\n\n

configmgr.service.configservice - revoke_app_config - Revoking config for app

\n\n

I want to grok it in such a way that it should populate the below fields as:

\n\n

PROGMODULE = configmgr.service.configservice\nPROGBLOCK = revoke_app_config \nACTION = Revoking config for app

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",152]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","31609733",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/22fe5fc4bfd69d0312cf39557391ebec?s=256&d=identicon&r=PG","alt":"aairey","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3983086/aairey","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"aairey"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",310]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Have you tried something like below?

\n\n

%{NOTSPACE:PROGMODULE} - %{WORD:PROGBLOCK} - %{GREEDYDATA:ACTION}\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","59953108",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/59953108","className":"text-blue-600 hover:underline","children":"A complicated logstash pattern in Grok"}]}],["$","li","29889860",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29889860","className":"text-blue-600 hover:underline","children":"grok pattern for log event"}]}],["$","li","34325370",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34325370","className":"text-blue-600 hover:underline","children":"logstash grok Capturing repeating pattern"}]}],["$","li","54256821",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/54256821","className":"text-blue-600 hover:underline","children":"what will be the Grok pattern for this custom log pattern?"}]}],["$","li","47314464",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/47314464","className":"text-blue-600 hover:underline","children":"Need to shorten Grok Pattern"}]}],["$","li","37979012",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37979012","className":"text-blue-600 hover:underline","children":"Grok Pattern not working in Logstash"}]}],["$","li","45936841",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/45936841","className":"text-blue-600 hover:underline","children":"Custom Grok Pattern for logs"}]}],["$","li","41804330",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/41804330","className":"text-blue-600 hover:underline","children":"GROK Pattern filtering"}]}],["$","li","41548402",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/41548402","className":"text-blue-600 hover:underline","children":"DATA pattern in logstash - grok"}]}],["$","li","37604749",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37604749","className":"text-blue-600 hover:underline","children":"Logstash grok pattern issue"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Logstash Grok Pattern

Answers (1)

Related Questions