GROK Filter Help Logstash

Question

Hello I am new to GROK learning, I am trying to store following log in seperate fields, having a hard time writing a GROK filter to do it

This is the log

01/04/2021 15:30:00.300 +03:00 - [INFO] - [w3wp/LPAPI-Last Casino/95] - Log Message XXXXXXXXXXXXXXXXXXX

and I want to extract in this pattern

DATE TIME TIMEZONE - [SEVERITY] - [APPLICATION/SUBSYSTEM/THREAD_ID] - MESSAGE

So far this is what I have which works till SEVERITY Level %{DATESTAMP:TimeStamp} %{ISO8601_TIMEZONE:TimeZone} - \[%{LOGLEVEL:Severity} - \[%{DATA:APPLICATION}\/%{DATA:SUBSYSTEM}\/%{BASE10NUM:THREAD_ID}\]' — Haider, Jan 21 '22 at 00:20
Please provide enough code so others can better understand or reproduce the problem. — Community, Feb 01 '22 at 07:40

score 0 · Answer 1 · edited Jan 25 '22 at 05:25

0

This did the trick

filter {
    grok {
        match => { "message" => "%{DATESTAMP:TimeStamp} %{ISO8601_TIMEZONE:TimeZone} - \[%{LOGLEVEL:Severity}] - \[%{DATA:APPLICATION}/%{DATA:SUBSYSTEM}/%{BASE10NUM:THREAD_ID}] - %{GREEDYDATA}"}
    }
}

edited Jan 25 '22 at 05:25

Peter Csala

17,736
16
35
75

answered Jan 24 '22 at 20:40

Haider

13
2

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 25 '22 at 05:26

GROK Filter Help Logstash

1 Answers1