Haider
Reputation: 13
GROK Filter Help Logstash
Hello I am new to GROK learning, I am trying to store following log in seperate fields, having a hard time writing a GROK filter to do it
This is the log
01/04/2021 15:30:00.300 +03:00 - [INFO] - [w3wp/LPAPI-Last Casino/95] - Log Message XXXXXXXXXXXXXXXXXXX
and I want to extract in this pattern
DATE TIME TIMEZONE - [SEVERITY] - [APPLICATION/SUBSYSTEM/THREAD_ID] - MESSAGE
Upvotes: 1
Views: 299
Answers (1)
Haider
Reputation: 13
This did the trick
filter {
grok {
match => { "message" => "%{DATESTAMP:TimeStamp} %{ISO8601_TIMEZONE:TimeZone} - \[%{LOGLEVEL:Severity}] - \[%{DATA:APPLICATION}/%{DATA:SUBSYSTEM}/%{BASE10NUM:THREAD_ID}] - %{GREEDYDATA}"}
}
}
Upvotes: 0
Related Questions
- Logstatsh help needed to write grok filter
- Logstash filtering using grok to filter the log with []
- How to filter JSON using Logstash / Filebeat and Grok
- What is the proper grok filter for my input?
- GROK Pattern filtering
- Logstash grok filter regex
- Logstash Grok Filter - parsing custom file
- Logstash - grok configuration filter
- logstash stopped match a grok second grok filter
- Logstash filter with more matcher