Questions tagged [grok]

Grok is a web framework that runs atop the Zope application server, written in Python, with the aim of making Zope technology more accessible to the masses and speeding up the development process. Exploiting the convention-over-configuration paradigm, Grok uses Zope Toolkit libraries and provides building blocks for your application along with a way to tie it all together.

Visit grok to learn more.

486 questions
2
votes
1 answer

GROK regex capture groups not matching

I'm trying to learn how to capture different fields in a log file using logstash's grok filter for the first time and having trouble parsing it correctly. I'm using https://grokdebug.herokuapp.com/ to test my work. This is an example log…
joebegborg07
  • 821
  • 3
  • 14
  • 27
2
votes
1 answer

How do you find a quoted string with specific word in a log message using grok pattern

I have a log message from my server with the format below: {"host":"a.b.com","source_type":"ABCD"} I have this grok pattern so far but it accepts any word in double quotation. \A%{QUOTEDSTRING}:%{PROG} How can I change "QUOTEDSTRING" that only…
EStech
  • 23
  • 2
2
votes
0 answers

telegraf multiline log message and inputs.tail.multiline input plugin

I need to parse a MySQL slow log message with Telegraf and then pass it to Prometheus. An example of such a message is: # Time: 2021-04-01T13:26:56.734727Z # User@Host: root[root] @ localhost [] Id: 3 # Query_time: 3.001243 Lock_time: 0.000000…
Alex Konkin
  • 618
  • 1
  • 7
  • 15
2
votes
1 answer

Using Grok filter out UUID from path string and return path

Here is an example line of the Log I am trying to filter : Request starting HTTP/1.1 GET http://api0.api.sin/api/social/v1/owner/4b3b60f6-1a54-4fbc-87b5-cc44496a6dbf/feeds/notifications/unread/count The result I am expecting is the following: { …
2
votes
1 answer

Repeat grok pattern

I have a message like this "Something word word 20/07/2018 word word 25/04/2015". How can I use a grok pattern or a customer pattern to take all dates and add them into a new field which is an array? I tried with a custom regex pattern but when I…
Madalin
  • 55
  • 4
2
votes
2 answers

Extract timestamp from log message

I am trying to index log files to Elastic search. All the log entries are being indexed into a field named message. @timestamp field shows the time the entry was indexed and not the timestamp from log entry. I created an ingest pipeline with grok…
rocky
  • 163
  • 1
  • 2
  • 8
2
votes
1 answer

Custom regular expression for grok

My question is about grok filter in logstash. For logstash filter I need to parse a log file. Sample log statement below 2017-07-31 09:01:53,135 - INFO [QuorumPeer[myid=1]/0:0:0:0:0:0:0:0:2181:ZooKeeperServer@617] - Established session…
BobCoder
  • 743
  • 2
  • 10
  • 27
2
votes
1 answer

Using grok in flink streaming

Flink Pipeline is as follows: read messages(string) from kafka topic. pattern matching through grok converting to json format. Aggregations over a time window over extracted field from json. Below is the code for pattern matching using grok. …
user3351750
  • 927
  • 13
  • 24
2
votes
1 answer

Separate IPV4 and IPV6 addresses with Regular Expressions and Grok

I'm trying to build a Grok pattern for some log files coming in. I have a field in a log message that can look like both of the following: IP Address: (192.168.1.100), IP Address: (192.168.1.100, 2001:0db8:85a3:0000:0000:8a2e:0370:7334), Dealing…
Ben Sooter
  • 317
  • 1
  • 3
  • 11
2
votes
1 answer

Grok debugging - Match first only regex not working as intended

So I have the following log message: [localhost-startStop-1] SystemPropertiesConfigurer$ExportingPropertyOverrideConfigurer loadProperties > Loading properties file from class path resource [SystemConfiguration.overrides] I'm trying to match the…
A_Elric
  • 3,508
  • 13
  • 52
  • 85
2
votes
0 answers

grokparsefailure after some filter in my logstash configuration

I have some log from my network devices. Log send to Logstash after some filter with log, I have "grokparsefailure". logstash conf grok { match => { "message" => "^[a-z0-9,]* %{GREEDYDATA:message}" } overwrite…
2
votes
2 answers

get name of pattern that matched in grok in logstash

If I have a patterns file with a bunch of regex patterns such as the following A .*foo.* B .*bar.* C .*baz.* and my grok filter looks like the following: grok { patterns_dir => ["/location/of/patterns"] match => { "request" => [ "%{A}", "%{B}",…
Arpan Shah
  • 243
  • 1
  • 3
  • 9
2
votes
1 answer

Is there any way to grok parse URIPATHPARAM when the URL contains invalid characters

Quick background: using access logging from HAProxy and parsing it using grok. HAProxy's %{+Q}r log variable prints " " which we are parsing using "%{WORD:method} %{URIPATHPARAM:url} HTTP/%{NUMBER:httpversion}" This…
Kristofer
  • 7,861
  • 6
  • 30
  • 31
2
votes
0 answers

Processing custom NGINX log with logstash

I have nginx access log that log request body in the form of json string. eg. "{\x0A\x22userId\x22 : \x22MyUserID\x22,\x0A\x22title\x22 : \x22\MyTitle\x0A}" My objective is to store those 2 values (userId and title) into 2 separate fields in…
yanto
  • 31
  • 4
2
votes
2 answers

Regex remove www from URL

I hope someone can help, this is driving me crazy! I am attempting to modify Logstash Grok filters to parse a domain name. Currently the regex is: \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b) and correctly…
josh
  • 59
  • 1
  • 10