Pratap K Reddy
Reputation: 11
Logstash grok pattern for the below log message
I wanted to extract the below enclosed in the "" pattern from the log message using grok pattern. Could anybody help in providing the grok pattern?
"2015/02/24 13:44:39" - Shell - (stdout) 2015/02/24 13:44:39 - "DIF_MainJob" - "Start of job execution"
"2015/02/25 13:01:39" - "SR_Incremental_Load" - "Start of job execution"
Upvotes: 1
Views: 108
Answers (1)
Saurabh Vajpayee
Reputation: 121
You can break this in two steps, first match complete logs line and second remove unwanted part. I tested on my local elk setup, use below configuration, may helpful to you.
filter{
grok {
match => { "message" => "\"%{DATA:my_date}\" - %{DATA:dropword} - \"%{DATA:phrase_1}\" - \"%{DATA:phrase_2}\"" }
}
mutate {
remove_field => ["dropword"]
}
}
Attaching screenshot from my Kibana
Upvotes: 0
Related Questions
- A complicated logstash pattern in Grok
- Grok pattern with this log line
- grok pattern for log event
- logstash grok Capturing repeating pattern
- what will be the Grok pattern for this custom log pattern?
- Custom Grok Pattern for logs
- Multiple patterns in one log
- DATA pattern in logstash - grok
- Grok pattern for different types of log in a logfile
- Logstash Grok Pattern