This is an example from a WSO2 Audit log file:
[2016-11-22 00:20:30,657] INFO - Initiator : wso2.system.user | Action : Change Password by User | Target : admin | Data : { } | Result : Success
I am trying to write a Grok pattern using the Grok debugger, but all I am getting is No Matches.
\[%{TIMESTAMP_ISO8601:timestamp}\]%{SPACE}%{LOGLEVEL:level}-%{SPACE}%{GREEDYDATA:log_message}
The pattern is missing a space between %{LOGLEVEL:level} and the following dash (-).
It would look like this: ...%{LOGLEVEL:level}%{SPACE}-%{SPACE}...
or ...%{LOGLEVEL:level} -%{SPACE}...
(you don't have to use %{SPACE} if you are sure the number of spaces will always be the same).
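
The following is an added example, not part of the question or the answer above. It expands both patterns into Python regexes, runs them over the sample line, and splits the audit fields out of log_message. The GROK table holds simplified stand-ins for the Logstash definitions, and grok_to_regex and parse_audit are hypothetical helper names.

```python
import re

# Simplified stand-ins for the Logstash grok definitions (assumption: the real
# TIMESTAMP_ISO8601 and LOGLEVEL patterns accept more variants than these).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL)",
    "SPACE": r"\s*",
    "GREEDYDATA": r".*",
}

def grok_to_regex(pattern):
    """Expand %{NAME} and %{NAME:field} into a compiled Python regex."""
    def expand(m):
        body = GROK[m.group(1)]
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else body
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))

def parse_audit(line, pattern):
    """Return header fields plus the 'Key : Value' audit pairs, or None."""
    m = grok_to_regex(pattern).search(line)
    if m is None:
        return None  # what the Grok debugger reports as "No Matches"
    event = m.groupdict()
    # Audit fields are separated by " | "; a value containing that exact
    # separator would need a stricter parser than this split.
    for part in event["log_message"].split(" | "):
        key, _, value = part.partition(" : ")
        event[key.strip().lower()] = value.strip()
    return event

# Sample line and both patterns taken from the post above.
SAMPLE = ("[2016-11-22 00:20:30,657] INFO - Initiator : wso2.system.user | "
          "Action : Change Password by User | Target : admin | Data : { } | "
          "Result : Success")
ORIGINAL = (r"\[%{TIMESTAMP_ISO8601:timestamp}\]%{SPACE}%{LOGLEVEL:level}"
            r"-%{SPACE}%{GREEDYDATA:log_message}")
FIXED = (r"\[%{TIMESTAMP_ISO8601:timestamp}\]%{SPACE}%{LOGLEVEL:level}"
         r"%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}")

if __name__ == "__main__":
    print("original:", parse_audit(SAMPLE, ORIGINAL))
    print("fixed:   ", parse_audit(SAMPLE, FIXED))
```
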