Logstash grok for special character
Question
Following is my log
# Time: 2017-11-02T07:41:22.631956Z# User@Host: root[root] @ localhost [] Id:
I am not able to write grok pattern for the word root[root] . I want this value as a single column. Example : host = root[root] .
I want [ in my value.
How to do this ?
1 answers
solution1
5 ACCPTED 2017-11-02 09:50:51
%{DATA:user} should do.
You can see the definition for DATA here .
A grok filter for parsing your whole logline could look somewhat like this (I'm not really sure which parts you're interested in but you get the idea):
# Time: %{TIMESTAMP_ISO8601:timestamp}# %{DATA:user}@%{DATA:host}: %{DATA:user2} @ %{DATA:host2} \[\] Id:
Results from https://grokconstructor.appspot.com :
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Logstash grok patterns special characters
underscore character is not getting parsed in logstash grok pattern?
Logstash Grok Pattern that matches after 7th character only
Logstash grok square brackets
Logstash grok failing
grok filter for logstash
logstash, syslog and grok
logstash if field exists then grok
Grok parse failure with Logstash
Logstash Directory pattern in grok
Related Tags