Questions tagged [grok]

Grok is a web framework written in Python that runs on top of the Zope application server, with the aim of making Zope technology more accessible to the masses and speeding up the development process. Exploiting the convention-over-configuration paradigm, Grok uses Zope Toolkit libraries and provides building blocks for your application along with a way to tie them all together.

Visit grok to learn more.

486 questions
1
vote
1 answer

Enable gzip compression in a Grok - Zope - PasteScript environment

I am trying to make my server send gzipped data. I have a grok application that runs over Paste (Paste-1.7.2-py2.4.egg). I have been trying to google how to make that whole environment serve data in gzip... But without success... I think the answer…
Savir
1
vote
1 answer

Logstash grok pattern to filter a pretty long log line, add ignore between

This is a log line 2015-10-05 12:04:19.199 INFO 4808 --- [metrics-logger-reporter-2-thread-1] com.example.metrics : type=TIMER, name=demo.ws.rest.controllers.ItemController.getAllItems, count=0, min=0.0, max=0.0, mean=0.0,…
1
vote
1 answer

logstash grok parse url

I have been searching online, but cannot quite figure this out. grok { match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{URIPATH:url} } I need to get contents out of the url and put it in Elasticsearch. Logs have urls like…
Dhrumil
1
vote
1 answer

Which grok pattern for logstash multiline with different event dividers

I have a log file (zope/plone event.log) which uses a custom string (e.g. "-----") as a divider between events. What should the grok pattern for parsing this log file into logstash be? This is an example of how the log looks: ------ 2014-07-21T12:13:30 INFO…
1
vote
2 answers
1
vote
1 answer

How do I replace a field in logstash

I'm doing an insert from Logstash into ElasticSearch. My problem is that I used a template in ES to lay out the data types, and I am sometimes getting values from Logstash that are null values (or dashes) when I've declared in ES that they should…
jasonmclose
1
vote
0 answers

Regex for log fields not always in order

I hope someone will be able to help me with this headache. I am a bit stuck on a regex/grok/logstash syntax. I am trying to parse kibana logs, but fields in the logs do not always come in the same order. Here are 3 logs as…
Greg1201
1
vote
1 answer

logstash grok multiline - how to merge to previous line any line that doesn't start with timestamp

Sometimes I print indented pretty JSONs to the log, which are printed on multiple lines, so I need to be able to tell logstash to append these prints to the original line of the original event. Example: xxx p:INFO d:2015-07-21 11:11:58,906…
kumetix
1
vote
1 answer

grok pattern for jmeter

I am trying to parse the below log 2015-07-07T17:51:30.091+0530,857,SelectAppointment,Non HTTP response code: java.net.URISyntaxException,FALSE,8917,20,20,0,1,1,byuiepsperflg01 Now I am unable to parse Non HTTP response code:…
user3045254
1
vote
1 answer

logstash grok remove fqdn from hostname and ignore ip

My logstash input receives JSONs that look like this: {"src":"comp1.google.com","dst":"comp2.yehoo.com","next_hope":"router4.ccc.com"} and the JSON can also look like this (some keys can hold an IP instead of a host…
tomer
1
vote
1 answer

How can I use grok filter to get the matched messages in the tomcat logs?

I'm getting different different information in the tomcat logs. I want only the line with the message "Server startup in". I'm using the grok filter in logstash, but I'm unable to get only the one filtered message with that message. I'm getting…
A.N.B Akhilesh
1
vote
1 answer

can't force GROK parser to enforce integer/float types on haproxy logs

Doesn't matter if integer/long or float, fields like time_duration (all time_* really ) map as strings in kibana logstash index. I tried using mutate (https://www.elastic.co/blog/little-logstash-lessons-part-using-grok-mutate-type-data) did not work…
1
vote
0 answers

Having trouble parsing checkpoint firewall logs using grok filter

They are Check Point firewall logs and they look like so.... (first row = fields, second row and all the rows thereafter = values of the respective fields) "Number" "Date" "Time" "Interface" "Origin" "Type" "Action" "Service" "Source Port"…
DannyKELK
1
vote
1 answer

How to extract CPU Usage details from the log file in logstash

I am trying to extract the CPU usage and timestamp from the message: 2015-04-27T11:54:45.036Z| vmx| HIST ide1 IRQ 4414 42902 [ 250 - 375 ) count: 2 (0.00%) min/avg/max: 250/278.50/307 I am using logstash and here is my logstash.config…
Katie
1
vote
2 answers

Logstash grok filter to extract substring from path and add to host field

I am reading data from files by defining the path as *.log etc. File names are like app1a_test2_heep.log, cdc2a_test3_heep.log etc. How do I configure logstash so that the part of the string that is before the underscore (app1a, cdc2a..) should be grepped…
Ravi Kishore