Consider the below string
date 00:00 1.1.1.1 POST test.com hello-world
How could I print only the date totaltime and URL(test.com) using grok?
Asked
Active
Viewed 340 times
1 Answers
0
Given the sample above
^%{DATA:date} %{DATA:time} %{IP:ip} %{DATA:method} %{DATA:url} %{GREEDYDATA:path}$
would generate:
{
"date": [
[
"date"
]
],
"time": [
[
"00:00"
]
],
"ip": [
[
"1.1.1.1"
]
],
"method": [
[
"POST"
]
],
"url": [
[
"test.com"
]
],
"path": [
[
"hello-world"
]
]
}
Afterwards you can mutate it whichever form you want
YouryDW
- 393
- 1
- 7