Questions tagged [grok]

Grok is a web framework running atop the Zope application server, written in Python, with the aim of making Zope technology more accessible and speeding up development. Following the convention-over-configuration paradigm, Grok uses the Zope Toolkit libraries and provides building blocks for your application along with a way to tie them all together.

Visit grok to learn more.

486 questions
0 votes, 2 answers

grok help for logstash

My logs look as such 00009139 2015-03-03 00:00:20.142 5254 11607 "HTTP First Line: GET /?main&legacy HTTP/1.1" I tried using grok debugger to get this information formatted with no success. Is there any way to get this format using grok? The…
pcproff
0 votes, 1 answer

logstash grok parse user agent string parse certain fields

I have this UA in a log file Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2267.0 Safari/537.36 Now all I really want is to grab things like Windows NT 6.1 (i.e. win7) and WOW64 i.e. 64 bit system. My current…
Killerpixler
0 votes, 1 answer

logstash grok filter ignore certain parts of message

I have a drupal watchdog log file that starts with syslog things like timestamp etc, and then has a pipe delimited number of things that I logged in watchdog. Now I am writing a grok filter rule to get fields out of that. I have a few URLs in the…
Killerpixler
0 votes, 1 answer

Logstash multiline filter for PostgreSQL

I'm trying to create filter for postgresql logs. Log records can be single-lined such as 2014-01-14 17:23:08 EST DETAIL: Remote detail: Key (id)=(913072088342860500) already exists. or multilined: 2014-02-04 19:26:08 EST CONTEXT: Remote context:…
user144765
0 votes, 1 answer

how to match several possible log events formats?

I have events from one log source which can have several known formats. As an example 10:45 Today is Monday 11:13 The weather is nice 12:00 The weather is cloudy I can match each of them via The weather is %{WORD:weather} Today is…
WoJ
0 votes, 1 answer

_grokparsefailure on successful match

I started using logstash to manage syslog. In order to test it I am sending simple messages from a remote machine and try to parse them with logstash. The only Logstash configuration, used via the command line: input { syslog { …
WoJ
0 votes, 1 answer

Does logstash support If-Then-Else Conditionals in Regular Expressions?

I tried to use the following regex: (a)?b(?(1)c|d). It is an example from http://www.regular-expressions.info/conditional.html. But I got an error. /opt/logstash-1.4.2/bin/logstash -e 'input { stdin { } } filter { grok { match => [ "message", "(a)?b(?(1)c|d)" ]…
fervid
0 votes, 2 answers

Logstash configuration missing last exception of exception log

I use logstash to parse exception logs which get sent over the network via TCP. As the exception log is multiline I use a multiline filter to parse the data. Unfortunately the last exception log being sent is not recognized as logstash does not know…
tester
0 votes, 1 answer

Logstash Grokked Data Does Not Reach ElasticSearch

I have a simple Logstash 1.4.1 setup and the data seems correct in stdout, but in ES/Kibana the "message" field is not overwritten. logstash.conf input { file { path => "/var/log/nginx/access.log" type => "nginx_access" } } filter { …
Jasper
0 votes, 1 answer

Dynamic elasticsearch index_type using logstash

I am working on storing data on elasticsearch using logstash from a rabbitmq server. My logstash command looks like logstash -e 'input{ rabbitmq { exchange => "redwine_log" key => "info.redwine" host => "localhost" durable => true …
Ysak
0 votes, 1 answer

Logstash parsing unix time in milliseconds since epoch

I am trying to match unix time in milliseconds since epoch in logstash/grok using the UNIX_MS pattern and I am getting : pattern %{UNIX_MS:timestamp} not defined The UNIX_MS is defined Logstash Date Log, and when I run with --configtest, the test…
Aleš
0 votes, 1 answer

grok filter written with regex always fail / grokparsefailure

I have written a grok filter with regex and in the Grok Debugger the config works without errors, but when I want to match in the logstash.conf the result is always a "grokparsefailure". The message I want to match is: 10.196.3.3 - -…
0 votes, 1 answer

Python/Plone - Is it possible to call a global utility at module level of a py file?

I have a product for a plone site with a module containing a utility class, and in the module that will/should use this utility, I am trying to have it setup at the module level. In the module containing the utility (my.product.testutility), I have…
Patrick Downey
0 votes, 1 answer

logstash stopped matching a second grok filter

I have two types of logs messages from one source. I am trying to parse them using configuration like this: filter { if [type] == "my_type" { grok { match => [ "message", "field1:" ] break_on_match => false add_tag =>…
Juraj
0 votes, 2 answers

What is the last part in the grok match pattern?

I've noticed some people use the 3rd part in a grok matching predicate, like %{NUMBER:response_status:int} ^--- ?? It's obvious what first 2 mean, and I can guess that the 3rd one is an explicit type of the result, but I…
zerkms