Satya As
Reputation: 11
Logstatsh help needed to write grok filter
I am new to this group. Can you please let me know how can I write sample grok filter for below log message ?
1458164618009,971866112000,samplehost.com Memory pid=48653
1)UnixTime 2)Memory used in Kbs 3)Host 4)Memory Pid is Static text 5) 48653 is the process ID
Thank you.
Upvotes: 1
Views: 57
Answers (1)
Anirudh
Reputation: 682
The following grok pattern works for your log sample :
%{NUMBER:UNIX_Timestamp},%{NUMBER:memoryUsed},%{GREEDYDATA:host} Memory pid=%{NUMBER:processId}
You can use https://grokdebug.herokuapp.com/ for debugging and creating patterns. And can use https://github.com/hpcugent/logstash-patterns/blob/master/files/grok-patterns for checking what regex might be helpful in your case. Basis the variety of logs you have and are processing, some other patterns might be more useful.
Upvotes: 2
Related Questions
- Log Firewall Checkpoint Grok graylog
- Grok filter Pattern -Unable to get required values from Square bracket
- How do you find a quoted string with specific word in a log message using grok pattern
- Grok expression to Parse Log data
- Logstash / GROK: Creating a custom Variable when parsing a log file
- GROK Pattern filtering
- grok pattern to parse the logs using logstash
- Logstash Grok filter - naming the fields according to content