Questions tagged [grok]

Grok is a web framework running atop the Zope application server written in Python, with the aim of making Zope technology more accessible to the masses as well as speeding up the development process. Exploiting the convention-over-configuration paradigm, Grok uses Zope Toolkit libraries and provides building blocks for your application along with a way to tie it all together.

Visit grok to learn more.

486 questions
0 votes, 1 answer

Logstash Grok filter - naming the fields according to content

I have a question regarding the grok filter in Logstash. Assume that I have two log messages as below: 06 Oct 2014 15:49:23,256 DEBUG [http-8080-1] (com.webratio.units.content.rtx.db.PowerIndexUnitService:45) -…
Candan
0 votes, 0 answers

Logstash date parsing

I am having an issue mapping my date to @timestamp. Here is the log format (0 - 12 for hr - below eg is for 8 PM): 09/04/2014 8:14:12 I am filtering it as below - %{DATESTAMP:StatshttpDate} I tried both below and they do not seem to work. …
cloudnoob
0 votes, 1 answer

Logstash Date Filter

I have a log file which has a date in the following format: "respHdr":{"date":"Tue,%2008%20Jul%202014%2022:08:18%20GMT","expires":"Tue,%2008%20Jul%202014%2022:08:18%20GMT"} How to parse the given date format using logstash Date filter?
Atul K.
0 votes, 1 answer

Logstash grok pattern for Dropwizard request logs

I am using 0.6.2 version of dropwizard and I wanted to publish all request logs on Logstash and do some analysis on it. LogStash has a grok pattern of apache logs. COMBINEDAPACHELOG But when I use that I get a grok parse failure. Does anyone know…
Abhijeet Kushe
0 votes, 1 answer

Groking Cisco switches with Logstash

I'm setting up Logstash (ELK) as our central logging server and so far have had good luck with simple filters, but this latest one for our switches isn't coming as easily. Here's what a typical line looks like: <179>12600: [syslog@9 s_id…
ceskib
0 votes, 1 answer

parsing custom log in Logstash

I want to ask your help in parsing my logs in custom format. I tried to use http://grokdebug.herokuapp.com/ to discover my log format, but unfortunately I didn't succeed. My log has the next format:…
mimin0
0 votes, 1 answer

Logstash filters: When is a filter executed?

I searched the logstash docs but I could not find out how logstash executes the filters. I will explain by example: Multiple config files, apache.conf nginx.conf logic.conf Both nginx and apache config files contain a filter that will trigger if…
Sam
0 votes, 1 answer

Why is java-grok returning last successful match when string does not match?

https://github.com/thekrakken/java-grok I'm using this Grok API for Java. Code is as follows: Grok grok = Grok.EMPTY; // add a pattern to grok grok.addPatternFromFile("pat.txt"); // compile and add semantic …
0 votes, 1 answer

grok skip columns issue

Issue: I have a log file to parse with 84 columns of which 60 are optional. I got the Pattern working but if grok finds a single log line with a missing field it throws an error. In my case 99% of the logs have some field missing. Is there a way I…
Rachit
0 votes, 1 answer

Log stash filters

I need help writing the filters for logstash. My logstash is configured to read syslog. The log message is as follows, Mar 14 15:11:11 localhost 192.168.235.136 {'status': 'True', 'endpoint': '/search/basic/', 'parameters':
Bhupesh Pant
0 votes, 1 answer

Logstash - grok not parsing even with grokdebugger being happy

I'm at a loss and probably should step away from the problem. Can anyone help spot what I am missing? Logstash keeps throwing "_grokparsefailure". Scratching my head??? using logstash logstash-1.3.3-flatjar.jar Log file example proxy.ian.com -…
IanN
0 votes, 0 answers

Parsing SCCM 2007/2012 Logs with Grok in Logstash

I have a small POC working for Logstash consuming a number of Windows Events and flat log files via RSyslog, so far so good thanks to the excellent documentation available for Logstash/Grok! In my efforts to document and one day blog this experience…
0 votes, 3 answers

grok - how do you find a quoted string

I am trying to grab the output from an nginx log file and send it to logstash. 10.1.10.20 - bob [14/Feb/2014:18:57:05 +0000] “POST /main/foo.git/git-upload-pack HTTP/1.1” 200 3653189 “-” “git/1.8.3.4 (Apple Git–47)” Grok is able to find the first…
spuder
0 votes, 1 answer

Logstash hostname split up

My hostnames are something like "companyname-instancename". When the logs get sent to logstash and then stored in elasticsearch, they seem to get split up at the "-". How can I prevent this in logstash? Do I have to change the hosts field?
Sebastian Hoitz
0 votes, 0 answers

logstash grok pattern not functioning as expected

I am having an interesting problem. After using http://grokdebug.herokuapp.com/ which works very well. I am finding that the following message, though it works on the above site, and works for seemingly identical messages, is not working as…
tc3driver