Shivkumar Mallesappa
Reputation: 3077
Logstash grok for special character
Following is my log
# Time: 2017-11-02T07:41:22.631956Z# User@Host: root[root] @ localhost [] Id:
I am not able to write grok pattern for the word root[root].
I want this value as a single column. Example : host = root[root].
I want [ in my value.
How to do this ?
Upvotes: 2
Views: 13265
Answers (1)
Phonolog
Reputation: 6511
%{DATA:user} should do.
You can see the definition for DATA here.
A grok filter for parsing your whole logline could look somewhat like this (I'm not really sure which parts you're interested in but you get the idea):
# Time: %{TIMESTAMP_ISO8601:timestamp}# %{DATA:user}@%{DATA:host}: %{DATA:user2} @ %{DATA:host2} \[\] Id:
Results from https://grokconstructor.appspot.com:
Upvotes: 6
Related Questions
- Grok Pattern escaping a - (hyphen)
- getting rid of colon in grok
- Logstash grok square brackets
- grok parsing issue
- Grok Pattern not working in Logstash
- How can I escape backslash in logstash grok pattern?
- Grok parsing with special characters in message
- String all characters in grok
- Logstash Grok parser
- Grok pattern does not work for $ character