Reputation: 70
How to write the grok expression for my log?
I am trying to write a grok to analysis my logs.
Use logstash 7 to collect logs. But I failed writing grok after many attempts.
Log looks like this:
[2018-09-17 18:53:43] - biz_util.py [Line:55] - [ERROR]-[thread:14836]-[process:9504] - an integer is required
My Grok(fake):
%{TIMESTAMP_ISO8601 :log_time} - %{USERNAME:module}[Line:%{NUMBER:line_no}] - [%{WORD:level}]-[thread:%{NUMBER:thread_no}]-[process:%{NUMBER:process_no}] - %{GREEDYDATA:log}
Only the timestamp part is OK. The others failed.
Upvotes: 0
Views: 154
Answers (2)
Reputation: 311
This will work,
[%{TIMESTAMP_ISO8601:log_time}] %{NOTSPACE} %{USERNAME:module} [Line:%{BASE10NUM:Line}] %{NOTSPACE} [%{LOGLEVEL}]%{NOTSPACE}[thread:%{BASE10NUM:thread}]%{NOTSPACE}[process:%{BASE10NUM:process}]
Upvotes: 0
Reputation: 18578
that will work:
\[%{TIMESTAMP_ISO8601:log_time}\] - %{DATA:module} \[Line:%{NUMBER:line_no}\] - \[%{WORD:level}\]-\[thread:%{NUMBER:thread_no}\]-\[process:%{NUMBER:process_no}\] - %{GREEDYDATA:log}
you need to escap [
Upvotes: 1
Related Questions
- Logstatsh help needed to write grok filter
- grok pattern for log event
- How to extract value from log with grok and logstash
- What is the proper grok filter for my input?
- How to write custom grok for logstash
- Need to shorten Grok Pattern
- how to wrire grok expression for json
- Logstash Grok Pattern
- how to assign particular value from logstash output
- grok pattern for extracting info in logstash