Custom regular expression for grok

Question

My question is about grok filter in logstash. For logstash filter I need to parse a log file . Sample log statement below

2017-07-31 09:01:53,135 - INFO [QuorumPeer[myid=1]/0:0:0:0:0:0:0:0:2181:ZooKeeperServer@617] - Established session 0x15d964d654646f4 with negotiated timeout 5000 for client /10.191.202.89:56232

I want to parse statement between [] using regular expression but did not get any success ? From above line

1. QuorumPeer[myid=1]/0:0:0:0:0:0:0:0:2181 should be mapped to thread id .
2. ZooKeeperServer should be mapped to class name
3. 617 should be mapped with line number

Can someone help me with the regular expression for this ?

Answer 1

You may use

\[(?<threadid>\w+[^/]*/[\d:]+):(?<classname>[^\]@]+)@(?<linenumber>\d+)\]

Details

• \[ - a literal [
• (?<threadid>\w+[^/]*/[\d:]+) - Group "threadid": 1+ word chars, then 0+ chars other than /, / and then 1 or more digits or : (note that you may adjust this pattern as you see fit, e.g. it can also be written as (?<threadid>.*?[\d:]+) but it won't be that safe)
• : - a colon
• (?<classname>[^\]@]+) - Group "classname": 1 or more chars other than ] and @
• @ - a @ char
• (?<linenumber>\d+) - Group "linenumber": 1 or more digits
• \] - a literal ].

Online test results at grokdebug.herokuapp.com: