How to grok catalina log file
Question
I'm trying to find a pattern for this line of log (extracted from catalina.log) of an apache tomcat 8 installation.
30-Apr-2019 15:40:40.044 INFOS [main] org.apache.catalina.startup.VersionLoggerListener.log message
No one of the date pattern include in logstash matches with this date format.
Do you have idea how can I parse this date 30-Apr-2019 15:40:40.044 to a timestamp in my logstash filter ?
Thanks
2 answers
solution1
0 ACCPTED 2019-05-21 18:46:13
As stated by @baudsp, you may add the date pattern for catalina using a custom pattern file, or use it embedded in the grok, as shown here
(?<date>%{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND}))
If you use the pattern often, put it in a file would probably be better, and provide more readability
solution2
0 2019-06-17 15:30:13
Finally, there is a solution :
I put a new pattern in a file custom.txt
MY_DATE_PATTERN %{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND})
Then in my logstash.conf I put this filter :
grok {
patterns_dir => ["./patterns"]
match => {
"message" => "%{MY_DATE_PATTERN:timestamp}%{SPACE}%{GREEDYDATA:loglevel}%{SPACE}\[%{GREEDYDATA:thread}\]%{SPACE}%{JAVACLASS:classname}%{SPACE}%{GREEDYDATA:logmessage}"
}
}
date {
match => [ "timestamp" , "dd-MMM-yyyy HH:mm:ss.SSS" ]
}
Thanks for your help
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.