i am trying to parse the below log
2015-07-07T17:51:30.091+0530,857,SelectAppointment,Non HTTP response code: java.net.URISyntaxException,FALSE,8917,20,20,0,1,1,byuiepsperflg01
Now I am unable to parse Non HTTP response code: java.net.URISyntaxException in one field. Please help be build the pattern
This is the pattern I'm using
%{TIMESTAMP_ISO8601:log_timestamp}\,%{INT:elapsed}\,%{WORD:label}\,%{INT:responsecode}\,%{WORD:responsemessage}\,%{WORD:success}\,%{SPACE:faliusemessage}\,%{INT:bytes}\,%{INT:grpThreads}\,%{INT:allThreads}\,%{INT:Latency}\,%{INT:SampleCount}\,%{INT:ErrorCount}\,%{WORD:Hostname}
If you paste your input and pattern into the grok debugger, it says "Compile ERROR". It might be an SO problem, but you had some weird characters in your pattern ("<200c><200b>").
The trick to building custom patterns is to start at the left side and pull one piece off at a time. With that, you would notice that this partial pattern works:
%{TIMESTAMP_ISO8601:log_timestamp},%{INT:elapsed},%{WORD:label}
but this one returns "No Matches":
%{TIMESTAMP_ISO8601:log_timestamp},%{INT:elapsed},%{WORD:label},%{INT:responsecode}
because you don't have an integer in that position.
Continue adding fields one at a time until everything you want is matched.
Note that you don't have to escape the commas.