Reputation: 383
Logstash grok pattern issue
I have been using logstash to read a log file in which I have come across with some difficulty in grokking the log statement.
The log pattern is like this
"20160401-00:00:00","abc3ap5a","AB2","EAP-Production(Production/EAI)","160402.0","0.0","5.0",
and I have tried to grok like this
"%{NOTSPACE:Datetime}","%{WORD:Hostname}","%{WORD:Location}","%{PROG:Usage)","%{NUMBER:YYMMDD}","%{NUMBER:HHMM}","%{NUMBER:CPU(%)}",""
Everything looks fine except when I try to run the conf file, it keeps saying
The error reported is: unmatched close parenthesis: /%{PROG:Usage)/m
I have tried to change the parenthesis for different kinds but the same error pops out. Would anyone can suggest any solution for me. What I need is to extract EAP-Production(Production/EAI) as a whole without changing the log file pattern.
Upvotes: 0
Views: 273
Answers (1)
Reputation: 217564
You need to replace the closing parenthesis with a curly brace at the end
"%{PROG:Usage)"
should be
"%{PROG:Usage}"
Upvotes: 1