1

I'm trying to parse the below log entry for Elasticsearch using grok pattern.

Example entry log for parsing:

[AD Thread Pool-Global0] 09 Mar 2021 05:45:29,704 ERROR NetVizAgentRequest - Fatal transport error while connecting to URL [http://127.0.0.1:3892/api/agentinfo?timestamp=0&agentType=APP_AGENT&agentVersion=1.2.0]: org.apache.http.conn.HttpHostConnectException: Connect to 127.0.0.1:3892 [/127.0.0.1] failed: Connection refused (Connection refused)

Grok Pattern that I have tried:

"\\[%{DATA:threadName}\\] (?<eventTimestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{HOUR}:%{MINUTE}:%{SECOND},%{POSINT})%{SPACE}%{LOGLEVEL:logLevel} %{JAVACLASS:class} \\- %{GREEDYDATA}"

But when I try debugging it using the Grok Debugger, it is showing no match found.

Maybe someone has more experience.

Can you help me understand why there are no matches or help with the correct Grok Pattern that matches the log entry.

Sourav
  • 3,025
  • 2
  • 13
  • 29
Alex_kl
  • 11
  • 1

1 Answers1

0

Here is the grok pattern that matches your log pattern:

\[%{GREEDYDATA:threadname}\] (?<timestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}) %{LOGLEVEL:loglevel} %{DATA:javaclass} \- %{GREEDYDATA:message}

I have validate the same in GROK DEBUGGER

Here is the output:

enter image description here enter image description here

Sourav
  • 3,025
  • 2
  • 13
  • 29