
Grok pattern with this log line

Basically I need to filter out Date - SEVERITY - JAVACLASSNAME - ERROR MESSAGE.

This is working for me, but it's just half done. (?<Timestamp>[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}) %{WORD:Severity}(?:%{GREEDYDATA:msg})

It doesn't show Javaclass!

Here is the output I get

 { "Timestamp": [ [ "2015-03-03 03:12:16,978" ] ], "Severity": [ [ "INFO" ] ], "Error_Message": [ [ " [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321" ] ] } 

LOGLINE

2015-03-03 03:12:16,978 INFO [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321

This should work:

filter {
  grok {
    match => [
      "message",
      "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[(?<threadname>[^\]]+)\] \[(?<classname>[^\]]+)\] %{GREEDYDATA:message}"
    ]
    overwrite => ["message"]
  }
}
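To show what the answer's grok pattern actually extracts from the question's log line, here is an added Python equivalent (not part of the original answer or of Logstash). It assumes simplified expansions of TIMESTAMP_ISO8601 and LOGLEVEL that cover only what this log format produces, and the field names follow the answer's pattern.

```python
import re

# Hand-expanded equivalents of the grok patterns used in the answer.
# Assumption: TIMESTAMP_ISO8601 and LOGLEVEL are reduced to the subset this
# log format emits; the real grok library definitions are broader.
GROK_EQUIVALENT = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "   # TIMESTAMP_ISO8601
    r"(?P<severity>TRACE|DEBUG|INFO|WARN|ERROR|FATAL) "            # LOGLEVEL
    r"\[(?P<threadname>[^\]]+)\] "                                 # (?<threadname>[^\]]+)
    r"\[(?P<classname>[^\]]+)\] "                                  # (?<classname>[^\]]+)
    r"(?P<message>.*)$"                                            # GREEDYDATA:message
)


def parse_log_line(line):
    """Return the named captures as a dict, or None when the line does not
    match (the grok filter would tag such an event with _grokparsefailure)."""
    m = GROK_EQUIVALENT.match(line)
    return m.groupdict() if m else None


# The log line from the question, embedded here as sample input.
SAMPLE = (
    "2015-03-03 03:12:16,978 INFO [http-bio-16006-exec-71] "
    "[XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* "
    "uid: org: vorg: un:] - Received to update queued for "
    "monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, "
    "session=21684216814321"
)

if __name__ == "__main__":
    for field, value in parse_log_line(SAMPLE).items():
        print(f"{field}: {value}")
    # A line that does not follow the format yields None, mirroring a grok parse failure.
    print(parse_log_line("not a log line"))
```

Note that, exactly like the answer's GREEDYDATA, the message field still starts with the remaining `[app:/saas ...]` context block; a further `\[(?<context>[^\]]+)\] - ` capture would be needed to strip it.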
