bhavna
Reputation: 11
Logstash grok filter : parsing custom application logs
I'm trying to parse my application logs using logstash filters. The log file contents are like below
17 May 2016 11:45:53,391 [tomcat-http--10] INFO com.visa.vrm.aop.aspects.LoggingAspect - RTaBzeTuarf |macBook|com.visa.vrm.admin.controller.OrgController|getOrgs|1006
I'm trying to create a dashboard (line chart) using logstash and want to show the activities on it. For e.g request comes in from some server with correlation id and have to see which class it calls with corresponding method and how long it took to execute.
The message is like:
correlation id | server-name | class name | method name | time taken
log file e.g
RTaBzeTuarf |macBook|com.visa.vrm.admin.controller.OrgController|getOrgs|1006
I'm unable to create grok patterns/filters for above message. Can someone advise me on this?
Upvotes: 1
Views: 724
Answers (1)
alpert
Reputation: 4655
Try that:
(?<timestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}) \[%{NOTSPACE:thread}\] %{LOGLEVEL:loglevel} (?<logger>[A-Za-z0-9$_.]+) - %{GREEDYDATA:correlationId}\|%{GREEDYDATA:servername}\|%{GREEDYDATA:className}\|%{GREEDYDATA:methodName}\|%{NUMBER:time}$
Upvotes: 1
Related Questions
- How to handle non-matching Logstash grok filters
- Custom metrics using grok with logstash
- Logstash grok failing
- Creating a custom grok pattern in Logstash
- Logstash / GROK: Creating a custom Variable when parsing a log file
- Logstash Grok - How to parse @timestamp field using HTTPDERROR_DATE pattern?
- Chaining grok filter patterns for logstash
- Logstash - grok use a field other than message