How to grok this input with logstash?
Question
I'm trying to grok some lines with logstash, so first I created two patterns witch look like this :
AZ_LIST [1-9a-zA-Z,]+
AZ_STRING [a-zA-Z._-]+
and then I configured logstash to grok this input :
security=0 system=23 CPU=this.adresse_false Pvm=0,0,0,0,0,0,0,0 Vlan2=AZERT,566,2184,798,3312
My filter is :
filter {
grok {
patterns_dir => "/patterns"
match => [
"message" , "security=%{NUMBER:security} system=%{NUMBER:system} CPU=%{AZ_STRING:CPU} Pvm=%{AZ_LIST:Pvm} Vlan2=%{AZ_LIST:Vlan2}"
]
tag_on_failure => [ "failure_grok_exemple" ]
break_on_match => false
}
}
But these doesn't work
1 answers
solution1
0 ACCPTED 2015-04-23 10:00:17
There is an error in your pattern. Your AZ_LIST do not include 0 , but your logs have 0 EX: Pvm=0,0,0,0,0,0,0,0
This is my config, I can parse your log successfully.
filter {
grok {
patterns_dir => "./patterns/"
match => [
"message" , "security=%{NUMBER:security} system=%{NUMBER:system} CPU=%{AZ_STRING:CPU} Pvm=%{AZ_LIST:Pvm} Vlan2=%{AZ_LIST:Vlan2}"
]
}
}
Pattern:
AZ_LIST [0-9a-zA-Z,]+
AZ_STRING [a-zA-Z._-]+
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How do I match a newline in grok/logstash?
how to parse dynamic logs using grok and logstash?
logstash grok - how to do conditional pattern matching?
LogStash Grok regex backreferences
Logstash grok multiline message
Logstash grok & regex filter
Logstash grok filter regex
logstash / grok pattern file
Use of ?> in Logstash Grok patterns
How do you extract a time stamp using logstash and grok?
Related Tags