I am new to this group. Can you please let me know how I can write a sample grok filter for the log message below?

1458164618009,971866112000,samplehost.com Memory pid=48653

1) UnixTime 2) Memory used in Kbs 3) Host 4) "Memory pid" is static text 5) 48653 is the process ID

Thank you.

Satya As

1 Answer

The following grok pattern works for your log sample:

%{NUMBER:UNIX_Timestamp},%{NUMBER:memoryUsed},%{GREEDYDATA:host} Memory pid=%{NUMBER:processId}

You can use https://grokdebug.herokuapp.com/ for debugging and creating patterns. You can also use https://github.com/hpcugent/logstash-patterns/blob/master/files/grok-patterns for checking which regex might be helpful in your case. Depending on the variety of logs you have and are processing, some other patterns might be more useful.

Anirudh
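To see what the pattern in the answer above captures from the sample line, here is an added example (not part of the original question or answer) that expands the grok tokens into a Python regex and converts the fields to typed values. The names `GROK_DEFS`, `grok_to_regex` and `parse` are hypothetical, and the `NUMBER` and `GREEDYDATA` definitions are simplified stand-ins for the stock grok patterns.

```python
import re
from datetime import datetime, timezone

# Simplified stand-ins for the stock grok definitions (assumption: the real
# NUMBER pattern is stricter about neighbouring digits and signs).
GROK_DEFS = {
    "NUMBER": r"[+-]?(?:\d+(?:\.\d+)?|\.\d+)",
    "GREEDYDATA": r".*",
}
PATTERN = ("%{NUMBER:UNIX_Timestamp},%{NUMBER:memoryUsed},"
           "%{GREEDYDATA:host} Memory pid=%{NUMBER:processId}")
SAMPLE = "1458164618009,971866112000,samplehost.com Memory pid=48653"

def grok_to_regex(pattern):
    """Expand %{NAME:field} tokens into named groups; escape literal text."""
    parts, pos = [], 0
    for tok in re.finditer(r"%\{(\w+):(\w+)\}", pattern):
        parts.append(re.escape(pattern[pos:tok.start()]))
        parts.append(f"(?P<{tok.group(2)}>{GROK_DEFS[tok.group(1)]})")
        pos = tok.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts))  # unanchored, as grok is by default

def parse(line, rx):
    """Return typed fields, or None where Logstash would tag a parse failure."""
    m = rx.search(line)
    if m is None:
        return None
    ev = m.groupdict()  # grok captures are strings until converted
    try:
        ev["memoryUsed"] = int(ev["memoryUsed"])
        ev["processId"] = int(ev["processId"])
        ms = int(ev["UNIX_Timestamp"])
    except ValueError:  # NUMBER also accepts decimals; reject them here
        return None
    # 13 digits means epoch milliseconds, not seconds
    ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    ev["timestamp"] = ts.replace(microsecond=(ms % 1000) * 1000).isoformat(
        timespec="milliseconds")
    return ev

if __name__ == "__main__":
    rx = grok_to_regex(PATTERN)
    print(parse(SAMPLE, rx))
    print(parse("1458164618009,971866112000,samplehost.com Memory", rx))
```

In a Logstash pipeline the same millisecond conversion is done by the date filter with the `UNIX_MS` format.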