Facing grok filter issue

Question

Response :  "timestamp":"2023-04-21T06:27:06.255+00:00","status":404,"error":"Not Found","path":"/logs" 
 
Grok filter : (?<timestamp>%{TIMESTAMP_ISO8601})\s+%{NUMBER:response_code}\s+%{DATA:error}\s+%{DATA:path}

also treid :  (?<timestamp>%{TIMESTAMP_ISO8601})\,+%{NUMBER:response_code}\,+%{DATA:error}\,+%{DATA:path}

I am facing issue to create filter for my response , Please suggest .

score 2 · Accepted Answer · answered Apr 24 '23 at 07:15

2

Try this,

"timestamp":"%{TIMESTAMP_ISO8601:timestamp}","status":%{NUMBER:status:int},"error":"%{DATA:error}","path":"%{DATA:path}"

answered Apr 24 '23 at 07:15

Ankit

599
2
11

1

Worked !! thanks Ankit – Ashish Pathak Apr 24 '23 at 07:18
If it worked for you, you should select this as answer. – Ankit Apr 29 '23 at 14:59

Facing grok filter issue

1 Answers1