yurividal
Reputation: 177
Filtering a log to create new columns with Logstash
I have a custom video server that outputs logs in the following format:
<12>May 18 10:35:53.551 myserver.com host:server: WARNING : call 117 (John Doe): video round trip time of 856 ms observed...
I need to be able to use grok in Logstash to create the following columns:
call -> 117
name -> John Doe
RTT -> 856ms
but I am new to Grok and Logstash. How can I make a start on this?
Upvotes: 0
Views: 53
Answers (1)
Sourav
Reputation: 3402
Grok pattern that will meet your requirement:
\<%{INT:serialno}\>%{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:hostname} %{WORD:data}\:%{WORD:data}\: %{LOGLEVEL:log-level} \: %{GREEDYDATA:logmsg} %{INT:call} \(%{GREEDYDATA:name}\)\: %{GREEDYDATA:logmsg} %{INT:RTT} %{WORD:unit} %{GREEDYDATA:logmsg}
You can test the grok pattern with any grok debugger. The one that I have used is https://grokdebug.herokuapp.com/
Here is the screenshot of the output:
Upvotes: 1
Related Questions
- How to filter on a field value for Logstash Grok
- Logstash grok filter - name fields dynamically
- Logstash grok filter doesn't work for the last field
- Logstash filtering using grok to filter the log with []
- Logstash Add field from grok filter
- have a grok filter create nested fields as a result
- Logstash filtering using grok
- Logstash filter by nested field
- Using field as input to Logstash Grok filter pattern
- Logstash filter with more matcher