How to grok catalina log file

Question

I'm trying to find a pattern for this line of log (extracted from catalina.log) of an apache tomcat 8 installation.

30-Apr-2019 15:40:40.044 INFOS [main] org.apache.catalina.startup.VersionLoggerListener.log message

No one of the date pattern include in logstash matches with this date format.

Do you have idea how can I parse this date 30-Apr-2019 15:40:40.044 to a timestamp in my logstash filter ?

Thanks

`%{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND})` You'll have to put that in a custom pattern file. — baudsp, May 21 '19 at 15:05

score 0 · Accepted Answer · answered May 21 '19 at 18:46

As stated by @baudsp, you may add the date pattern for catalina using a custom pattern file, or use it embedded in the grok, as shown here

(?<date>%{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND}))

If you use the pattern often, put it in a file would probably be better, and provide more readability

score 0 · Answer 2 · answered Jun 17 '19 at 15:30

Finally, there is a solution :

I put a new pattern in a file custom.txt

MY_DATE_PATTERN %{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND})

Then in my logstash.conf I put this filter :

grok {
      patterns_dir => ["./patterns"]
      match => {
        "message" => "%{MY_DATE_PATTERN:timestamp}%{SPACE}%{GREEDYDATA:loglevel}%{SPACE}\[%{GREEDYDATA:thread}\]%{SPACE}%{JAVACLASS:classname}%{SPACE}%{GREEDYDATA:logmessage}"
      }
    }
    date {
      match => [ "timestamp" , "dd-MMM-yyyy HH:mm:ss.SSS" ]
    }

Thanks for your help

How to grok catalina log file

2 Answers2