grok pattern to extract data from log message

Question

Recently I have started analysing ELK stack for log processing. In this I need to get some data out of my log message as fields to make this logs more productive. Sample log message:

05:25:11,405 DEBUG ClassName:? - Start of some data like ^Akey1=value1^Akey2=value2^Akey3=value3....keyN=valueN

How can i get value of key2 into a field using grok.
my attempt as belows:

%{TIME:timestamp}\s+%{LOGLEVEL:level}.*key2.*

Not sure how should i save key2's value Thanks In Advance!!

alpert · Accepted Answer

If you just want to get value2 you can use:

%{TIME:timestamp}\s+%{LOGLEVEL:level}%{GREEDYDATA}key2=%{GREEDYDATA:key2}\^A

You can try it here: http://grokdebug.herokuapp.com/

grok pattern to extract data from log message

Answers (1)

Related Questions