Raju Kumar

Reputation: 21

How to create grok filter for logstash conf

Dear Community Members,

I am new to grok. The following is the log message from which I want to extract field values like:

Method :  createCabinet 
Argument : {"comments":....}
Result : <201 Created,Folder ....
Time  : 21611 msec
CorrelationId : 00905cda-10a0-4793-8b77-e1dba05dcb2c

Log Message :

16:43:45.159 [http-nio-8183-exec-9] INFO com.newgen.aspect.LoggingAspect - Method : createCabinet | Argument : {"comments":"Default cabinet precreated by system","ownerName":"manoj","usedFor":"general","folderName":"Cabinet80704183","ownerId":"AVlFxAVOoeDBAMtAMzee","folderType":"cabinet"}{"bytes":[49,50,51,52,53],"empty":false} | Result : <201 Created,Folder [id=5cac7e618dd9854e78007736, folderName=Cabinet80704183, folderType=cabinet, comments=Default cabinet precreated by system, parentFolderId=null, ownerName=manoj, ownerId=AVlFxAVOoeDBAMtAMzee, creationDateTime=Tue Apr 09 16:43:34 IST 2019, revisedDateTime=null, accessDateTime=null, usedFor=general, version=0, metadataId=null, tenantId=12345],{}> | Time : 21611 msec | CorrelationId : 00905cda-10a0-4793-8b77-e1dba05dcb2c

I am debugging this on https://grokdebug.herokuapp.com. So far I am unable to construct the required grok filter for Logstash. I appreciate your help on this.

Thanks,

Upvotes: 0

Views: 50

Answers (1)

Thiago Falcao

Reputation: 5013

Try this:

%{TIME:timestamp} \[%{NOTSPACE}\] %{NOTSPACE:log_level} %{NOTSPACE:class} \- Method \: %{NOTSPACE:method} \| Argument \: %{GREEDYDATA:argument} \| Result \: %{GREEDYDATA:result} \| Time \: %{NUMBER:time_ms} msec \| CorrelationId \: %{NOTSPACE:correlation_id}

Tested on Logstash 6.7.

Upvotes: 0
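
An offline check of the pattern from the answer above, added here as an example and not part of the original post: it expands the grok macros the pattern uses into simplified Python regex stand-ins (assumptions, not the exact definitions shipped with Logstash) and runs the result against a shortened copy of the question's log line. `GROK`, `grok_to_regex`, `parse` and `SAMPLE` are names chosen for this example.

```python
import re

# Simplified stand-ins for the grok macros used in the answer (assumptions,
# not the exact definitions shipped with Logstash).
GROK = {
    "TIME": r"\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
}

# The pattern from the answer, unchanged.
PATTERN = (r"%{TIME:timestamp} \[%{NOTSPACE}\] %{NOTSPACE:log_level} %{NOTSPACE:class} \- "
           r"Method \: %{NOTSPACE:method} \| Argument \: %{GREEDYDATA:argument} \| "
           r"Result \: %{GREEDYDATA:result} \| Time \: %{NUMBER:time_ms} msec \| "
           r"CorrelationId \: %{NOTSPACE:correlation_id}")

# Shortened copy of the log line from the question (fewer JSON and Folder fields).
SAMPLE = ('16:43:45.159 [http-nio-8183-exec-9] INFO com.newgen.aspect.LoggingAspect - '
          'Method : createCabinet | Argument : {"folderName":"Cabinet80704183","folderType":"cabinet"} '
          '| Result : <201 Created,Folder [id=5cac7e618dd9854e78007736, tenantId=12345],{}> '
          '| Time : 21611 msec | CorrelationId : 00905cda-10a0-4793-8b77-e1dba05dcb2c')


def grok_to_regex(pattern):
    """Expand %{MACRO:field} into a named group and %{MACRO} into a plain group."""
    def expand(m):
        macro, field = m.group(1), m.group(2)
        body = GROK[macro]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


def parse(line):
    """Return the captured fields as strings, or None when the line does not match."""
    m = grok_to_regex(PATTERN).search(line)  # grok patterns are unanchored
    if m is None:
        return None  # Logstash would tag such an event _grokparsefailure
    return m.groupdict()


if __name__ == "__main__":
    for name, value in parse(SAMPLE).items():
        print(f"{name}: {value}")
```

The two `GREEDYDATA` captures rely on the literal ` | Result : ` and ` | Time : ` delimiters, so pipes inside the JSON argument do not break the match. All values come back as strings, as they do in grok unless a type such as `%{NUMBER:time_ms:int}` is given.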
