Logstash grok pattern for space field

logstash-grok
user6826691 picture user6826691 · Mar 27, 2017 · Viewed 15.6k times · Source

Hi How to write a grok expression for the below log 

[2017-03-25T00:00:07,137][WARN ]

match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}/]/[%{LOGLEVEL:log-level}\s*\]" }

Is this correct , how to write space in grok ? Thanks

Answer

fylie picture fylie · Mar 27, 2017

%{SPACE} is that pattern that matches 0 or more spaces, which is very useful if you don't know (or care!) if there will be a space or not.

Related questions

How to handle non-matching Logstash grok filters

I am wondering what the best approach to take with my Logstash Grok filters. I have some filters that are for specific log entries, and won't apply to all entries. The ones that don't apply always generate _grokparsefailure tags. For …

Read More
Is there any existing grok{} pattern for date format YYYY/MM/DD HH:mm:ss?

I was checking the nginx error logs at our server and found that they start with date formatted as: 2015/08/30 05:55:20 i.e. YYYY/MM/DD HH:mm:ss. I was trying to find an existing grok date pattern which might help …

Read More
How to process multiline log entry with logstash filter?

Background: I have a custom generated log file that has the following pattern : [2014-03-02 17:34:20] - 127.0.0.1|ERROR| E:\xampp\htdocs\test.php|123|subject|The error message goes here ; array ( 'create' => array ( 'key1' => 'value1', 'key2' => …

Read More