how to write grok pattern upto particular word

Asked Oct 15 '15 at 06:14

Active Oct 15 '15 at 06:21

Viewed 1,295 times

I need help in writing grok pattern for upto particular string.

I have below types log lines in same log file:

line 1:

20151012 00:59:03 main ERROR java.lang.Class - Failed to retrieve the node - unable to resolve the path //mbeans/mbean[@id="audit-config"]/mbean-attributes

line 2:

20151012 00:59:59 RMI TCP Connection(5)-176.66.1.39 INFO  net.cp.cluster.configstore.admin.impl.AdminManager - config up-to-date; local anchor [ac6c08e5-cded-43ca-8cb3-e8be1b85c453] - global anchor: [ac6c08e5-cded-43ca-8cb3-e8be1b85c453]

here now, I want LOGLEVEL words like ERROR or INFO into severity field.

My goal is, I want everything after seconds field upto ERROR or INFO in one field.

how should I do that?

I have tried below grok but its not working:

%{YEAR}%{MONTHNUM}%{MONTHDAY}\s*%{HOUR}:%{MINUTE}:%{SECOND}\s*\(?<rawinfo>/^(?:(?!\s*\b(?:ERROR | ?:INFO)\b).)*/\)

Any help here?

Thanks!

edited Oct 15 '15 at 06:21

asked Oct 15 '15 at 06:14

Amit Gawali

1

`%{YEAR}%{MONTHNUM}%{MONTHDAY} %{TIME} %{GREEDYDATA:onefield} %{LOGLEVEL} %{GREEDYDATA:log_message}` – hurb Oct 15 '15 at 08:08
yeah.. its working.. thanks.. – Amit Gawali Oct 15 '15 at 08:14

how to write grok pattern upto particular word

0 Answers0