user2018726
Reputation: 688
Trying to parse a custom log using grok
I have the following log:
2016-10-20T23:56:42.000+00:00 clientIp:83.149.9.216 TransactionId=1233 TransactionType=Sell
How can i ignore the words clientIp:, TransactionId= and TransactionType= to match only the values?
If I modify my log to look like this:
2016-10-20T23:56:42.000+00:00 83.149.9.216 1233 Sell
And I use this pattern:
%{TIMESTAMP_ISO8601:timestamp} %{IP:clientIp} %{NUMBER:TransactionId} %{WORD:TransactionType}
It works. So i need a way to read only the values after "word:" or "word="
Upvotes: 0
Views: 153
Answers (1)
Alain Collins
Reputation: 16362
Your pattern can include literals, e.g.
TransactionId=%{NUMBER:TransactionId}
Upvotes: 1
Related Questions
- GROK Parsing with regex
- logstash log parsing with regex and grok
- Log parsing with dissect
- using grok to extract log data
- Logstash custom log parsing
- Parsing data with grok filter on logstash
- Logstash Grok Filter - parsing custom file
- how do you parse text in grok
- Logstash grok parse error parsing log file
- parsing custom log in Logstash