logstash grok patterns assistance

Question

I really need some help parsing the below log and matching with grok

Mar 19 17:23:12:00 Alert - Traffic Gap Detected - severity[Alert] source[Text1/Text2] reason[MajorSet] count[1] value[1]

I want similar to this:

timesamp:Mar 19 17:23:12:00

Alert: Alert - Traffic Gap Detected -

severity: Alert

source:Text1/Text2

reason:MajorSet

count:1

value:1

grok{ 
    match => [ "message" => "%{SYSLOGTIMESTAMP:timestamp} %{GREEDYDATA: Alert - Traffic Gap Detected} %{WORD:severity]"]
}

Thanks for any help!

score 1 · Answer 1 · answered Mar 19 '17 at 21:06

Something like this can parse your log line:

%{SYSLOGTIMESTAMP:timestamp} %{GREEDYDATA:alert} - severity\[%{WORD:severity}\] source\[%{DATA:source}\] reason\[%{DATA:reason}\] count\[%{NUMBER:count}\] value\[%{NUMBER:value}\]

You can test it here: https://grokdebug.herokuapp.com/

logstash grok patterns assistance

1 Answers1