Reputation: 11
Grok pattern not found match
I'm trying to parse the below log entry for Elasticsearch using grok pattern.
Example entry log for parsing:
[AD Thread Pool-Global0] 09 Mar 2021 05:45:29,704 ERROR NetVizAgentRequest - Fatal transport error while connecting to URL [http://127.0.0.1:3892/api/agentinfo?timestamp=0&agentType=APP_AGENT&agentVersion=1.2.0]: org.apache.http.conn.HttpHostConnectException: Connect to 127.0.0.1:3892 [/127.0.0.1] failed: Connection refused (Connection refused)
Grok Pattern that I have tried:
"\\[%{DATA:threadName}\\] (?<eventTimestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{HOUR}:%{MINUTE}:%{SECOND},%{POSINT})%{SPACE}%{LOGLEVEL:logLevel} %{JAVACLASS:class} \\- %{GREEDYDATA}"
But when I try debugging it using the Grok Debugger, it is showing no match found.
Maybe someone has more experience.
Can you help me understand why there are no matches or help with the correct Grok Pattern that matches the log entry.
Upvotes: 1
Views: 667
Answers (1)
Reputation: 3402
Here is the grok pattern that matches your log pattern:
\[%{GREEDYDATA:threadname}\] (?<timestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}) %{LOGLEVEL:loglevel} %{DATA:javaclass} \- %{GREEDYDATA:message}
I have validate the same in GROK DEBUGGER
Here is the output:
Upvotes: 0
Related Questions
- ”_grokparsefailure” even though the grok pattern works
- Logstash grok config error - while parsing file name
- Logstash - Basic Grok Pattern not working
- Grok pattern works in Grok Debugger but not in logstash
- Grok Pattern not working in Logstash
- Logstash grok pattern issue
- Getting logstash log parse error: grokparsefailure
- GROK Pattern Works with GROK Debugger but not in Logstash GROK
- Logstash Grok Pattern
- Logstash grok multiple matches failure