Grok pattern format

Question

I would like for my grok to output results based on my custom pattern.
Input: May 23 22:23:39 vd='root'

I did a grok discover and the results were:

%{SYSLOGTIMESTAMP} vd=%{QS}

I would like to make a custom pattern that will use the discovered results parameters or conditions.Am having no success this is my custom pattern am new to this grok patterns.

#Myown
MYCUSTOM %{SYSLOGTIMESTAMP}[ ]%{QUOTEDSTRING}

score 1 · Answer 1 · edited Apr 24 '14 at 09:56

1

I had just checked your pattern and was ok: MYCUSTOM %{SYSLOGTIMESTAMP:myTime} vd=%{QUOTEDSTRING:myString}

All you need to do was giving grok the field names where you wanted to store the values. I used "myTyme" and "myString" and worked.

edited Apr 24 '14 at 09:56

Arturo Herrero

12,772
11
42
73

answered Feb 17 '13 at 17:31

alfredocambera

3,155
34
29

score 0 · Answer 2 · edited Sep 07 '16 at 16:23

0

%{SYSLOGTIMESTAMP:Timestamp} vd='%{DATA:String}'

Maybe this will help

edited Sep 07 '16 at 16:23

Sebastian Lenartowicz

4,695
4
28
39

answered Sep 07 '16 at 16:17

nul305

1

Grok pattern format

2 Answers2