Logstash grok patterns special characters

Question

I have a problem in my grok pattern with special characters. I use filebeat to send my logs in logstash. And in logstash I use grok patterns to parse elements.

My logs :

5/19/2019 7:27:32 PM | APPLI=C:\Path\Path\Path\Path\Path.exe | PID=9999 |
LOTQUERY_LOTINFO                
@USERID AUTO@PWD xxx@LOTID 9A4568.1@DATA
5/19/2019 7:27:32 PM 
SUCCESS                         Þ
@88@9A45681.1

My grok pattern :

match => ["message", "^%{DATESTAMP_12HOUR:msgTime} \| APPLI=%{PATH:APPLI} \| PID=%{NUMBER:PID} \|\n%{WORD:Method}%{SPACE}\n@USERID AUTO@PWD xxx@LOTID %{DATA:LOTID}@%{DATA:inutile}\n%{DATESTAMP_12HOUR:msgTime2} \n%{WORD:ResultType}%{SPACE}\n%{DATA:inutile2}$"] 

The problem is that sometimes there are special characters to the right of the SUCCESS that make mistakes when I retrieve the elements of the third line.

This characters can be :

ù œ ª U ?

And I don't know how to handle them...

Thanks for your help.

Answer 1

You can try something like below pattern -

%{DATA:msgTime} \| APPLI=%{PATH:APPLI} \| PID=%{NUMBER:PID} \|\n%{WORD:Method}%{SPACE}\n@USERID AUTO@PWD xxx@LOTID %{DATA:LOTID}@%{DATA:inutile}\n%{DATA:msgTime2} \n%{WORD:ResultType}%{GREEDYDATA}\n%{DATA:inutile2}$

Have matched special characters with greedydata but haven't mapped it.