Questions tagged [grok]

Grok is a web framework running atop the Zope application server, written in Python, with the aim of making Zope technology more accessible and speeding up development. Exploiting the convention-over-configuration paradigm, Grok uses Zope Toolkit libraries and provides building blocks for your application along with a way to tie them together. Note that every question listed under this tag below concerns the unrelated grok filter plugin of Logstash (regex-based log parsing in the ELK stack), not the Grok web framework.

486 questions
1 vote, 1 answer

grok pattern for extracting a portion of URI

I've been tasked with managing our ELK stack and writing rules for elastalert, but need a specific part of one field I already have as its own field in order to use elastalert's query_key functionality on that field. We're using these rules…
Min.E.On
1 vote, 1 answer

Logstash custom date format and irregular spaces

Receiving a parsing failure with my grok match. I can't seem to find anything that will match my log. Here is my log: 2016-06-14 14:03:42 1.1.1.1 GET /origin-www.site.com/ScriptResource.axd?d=…
maltman
1 vote, 1 answer

Get relative sized string between delimiters

I'm trying to parse a string that could change its size with the grok filter. A quick search around the internet returned no clear information on whether this is possible. What I have is: SOME STRING THAT IS PARSED "I NEED TO PARSE THIS STRING AND IT…
Alexander Demerdzhiev
1 vote, 2 answers

Parsing error "_grokparsefailure" in LogStash

At first I displayed the logs in Kibana from the syslog and it worked fine. I set it up according to the documentation. Now I've changed the source of the logs: it now retrieves logs from my web application, and although Kibana still displays them…
Sojo
1 vote, 1 answer

Logstash help needed to write grok filter

I am new to this group. Can you please let me know how I can write a sample grok filter for the below log message? 1458164618009,971866112000,samplehost.com Memory pid=48653 1)UnixTime 2)Memory used in Kbs 3)Host 4)Memory Pid is static text 5) 48653…
Satya As
1 vote, 1 answer

How can I break up json data with logstash and kibana

I have a log file with a bunch of lines of json data. For example, here is one…
FAhmed
1 vote, 1 answer

Logstash _grokparsefailure issues?

I'm having issues with grok parsing. In ElasticSearch/Kibana the lines I match come up with the tag _grokparsefailure. Here is my logstash config : input { snmptrap { yamlmibdir => "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-…
stefansaye
1 vote, 1 answer

Parsing postfix events with grok

I'm trying to figure out how logstash and grok work to parse messages. I have found that example ftp://ftp.linux-magazine.com/pub/listings/magazine/185/ELKstack/configfiles/etc_logstash/conf.d/5003-postfix-filter.conf which starts like…
Miquel Àngel
1 vote, 0 answers

Parse custom (unstable) timestamp format with logstash

I'm trying to parse a timestamp and store it as a date type in elasticsearch. Storing it as a string type is no problem, but I want to query the logs based on this timestamp. Its format is not standard and isn't found in the built-in logstash patterns.…
Mudasir Ali
1 vote, 0 answers

Logstash use field from previous line

I would like to create a statistic for JUnit test durations via logstash to elasticsearch. Currently after every execution of a JUnit test I write all metadata of the unit test (testclass, testmethod...) in a log file that will be parsed with…
sandrozbinden
1 vote, 1 answer

Grok match json field and value

I'm using koajs with bunyan to save error logs to my server then I use filebeat to have them shipped to my logstash application. My error logs are being forwarded correctly however I would now like to create a filter which will add a tag to specific…
basickarl
1 vote, 1 answer

Path Hierarchy ElasticSearch and Folder Depth?

I am using path hierarchy tokenizer for a field in Logstash/ElasticSearch. So, if the path field is like /a/b/c, the tokenizer converts it to /a /a/b /a/b/c I want to generate stats like a - 3 hits b - 2 hits c - 1…
Ravi Sidhu
1 vote, 1 answer

Grok pattern issues with logstash and postfix

I'm having issues parsing out a certain line of data for my elasticsearch server, in order to make it searchable, etc. What I'm attempting to do here is have postfix log the subject line of all messages that go through the system. I am aware this…
Creibold
1 vote, 2 answers

logstash grok filter regular expression works in debug tool but failed in actual execution

I'm trying to extract a field out of a log line. I use http://grokdebug.herokuapp.com/ to debug my regular expression with: (?(?<=action=).*(?=\&)) with input text like this: /event?id=123&action={"power":"on"}&package=1 I was able to get…
Gavin Huang
1 vote, 1 answer

String all characters in grok

How can I parse the field jsession in the following log line? 2015-11-02 11:28:02,838 [TF701_0101] [124] [10.126.132.10] [JWFhW36DfTCZYpGgzF3QlDwN8j2cDznrKSBvz8hQw0lkTdknr67Y!1315365112!-629296615; path=/] This is the filter I have currently filter…
user3228279