Hello, I have the below logs:
12-Apr-2021 16:11:41.078 WARNING [https-jsse-nio2-8443-exec-3] org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt was made to authenticate the locked user [uv19nb]
12-Apr-2021 16:01:01.505 FINE [https-jsse-nio2-8443-exec-8] org.apache.catalina.realm.CombinedRealm.authenticate Failed to authenticate user [uv19nb] with realm [org.apache.catalina.realm.JNDIRealm]
12-Apr-2021 17:12:45.289 FINE [https-jsse-nio2-8443-exec-5] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'uv19nb' was successful
I am trying to build a pattern for these for Logstash.
I have the following:
%{MY_DATE_PATTERN:timestamp}\s%{WORD:severity}\s\[%{DATA:thread}\]\s%{NOTSPACE:type_log}
which parses the below:
{
"timestamp": [
"12-Apr-2021 16:01:01.505"
],
"severity": [
"FINE"
],
"thread": [
"https-jsse-nio2-8443-exec-8"
],
"type_log": [
"org.apache.catalina.realm.CombinedRealm.authenticate"
]
}
And I would like to parse the log as 2 parts, as the bold ones and the user name. What would you advise, please?
An attempt was made to authenticate the locked user [uv19nb]
Failed to authenticate user [uv19nb] with realm [org.apache.catalina.realm.JNDIRealm]
Authentication of 'uv19nb' was successful
I have tried using (?<action>[^\[]*) and (?<action>[^']*) but they only capture if the next character is either [ or '.
I need some regex/grok pattern to catch all the sentence until any special character I believe and for user name I need to extract numbers and letters from [] and ''.
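
One way to split the message part of these three lines into an action and a user name, as an added example that is not part of the original post. It is written in Ruby because its `(?<name>...)` named groups use the same syntax as the grok attempt above; the timestamp regex standing in for MY_DATE_PATTERN, the `detail` field and the names `parse_auth_line` and `auth_outcome` are assumptions.

```ruby
# Constructed sample input: the three Tomcat log lines quoted in the post.
SAMPLE_LINES = [
  "12-Apr-2021 16:11:41.078 WARNING [https-jsse-nio2-8443-exec-3] org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt was made to authenticate the locked user [uv19nb]",
  "12-Apr-2021 16:01:01.505 FINE [https-jsse-nio2-8443-exec-8] org.apache.catalina.realm.CombinedRealm.authenticate Failed to authenticate user [uv19nb] with realm [org.apache.catalina.realm.JNDIRealm]",
  "12-Apr-2021 17:12:45.289 FINE [https-jsse-nio2-8443-exec-5] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'uv19nb' was successful",
].freeze

# Assumption: this regex stands in for the poster's custom MY_DATE_PATTERN.
TS = /\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}/

# Header: same fields as the grok pattern in the post, plus the remaining message.
HEADER = /\A(?<timestamp>#{TS})\s(?<severity>\w+)\s\[(?<thread>[^\]]*)\]\s(?<type_log>\S+)\s(?<message>.*)\z/

# action: everything up to the first [ or ' (lazy, so no trailing space).
# user:   letters and digits inside [] or ''.
# detail: whatever follows the user name (hypothetical field name).
EVENT = /\A(?<action>[^\['\]]+?)\s*[\['](?<user>[A-Za-z0-9]+)[\]']\s*(?<detail>.*)\z/

# Returns a Hash of captured fields, or nil if the line is not in this layout.
def parse_auth_line(line)
  head = HEADER.match(line.strip)
  return nil unless head
  fields = head.named_captures
  event = EVENT.match(fields["message"])
  # Keep the header fields even when the message has no bracketed/quoted user.
  event ? fields.merge(event.named_captures) : fields
end

# Maps the three message shapes from the post to a normalized outcome.
def auth_outcome(fields)
  case fields["action"]
  when /locked user\z/ then "locked"
  when /\AFailed to authenticate/ then "failure"
  when "Authentication of"
    fields["detail"] == "was successful" ? "success" : "unknown"
  else "unknown"
  end
end

SAMPLE_LINES.each do |line|
  f = parse_auth_line(line)
  puts "#{f['timestamp']} user=#{f['user']} outcome=#{auth_outcome(f)} action=#{f['action'].inspect}"
end
```

The `EVENT` expression can be pasted after `%{NOTSPACE:type_log}\s` in the grok pattern once the `\A` and `\z` anchors are dropped.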