In my logstash configuration i need to use multiple patterns.My application generate logs in 3 patterns . i tried to use array for multiple pattern but its not working.
filter{
grok{
match=>{
"message"=>[
"\[%{TIMESTAMP_ISO8601:timestamp}\] COMMTRACE user=\[%{GREEDYDATA:userId}\]\, sessionId\=\[%{GREEDYDATA:sessionId}\]\, ip\=\[%{HOSTNAME:ip}\]\, event\=\[%{GREEDYDATA:event}\]",
"\[%{TIMESTAMP_ISO8601:timestamp}\] COMMTRACE user\=\[%{GREEDYDATA:user}\], sessionId\=\[%{GREEDYDATA:sessionId}\], ip\=\[%{IP:ip}\]\, type\=\[%{GREEDYDATA:type}\]\, msg\=\[%{GREEDYDATA:msg}\]"
]
}
}
}
Please help
You didn't escape the comma inside the second pattern after GREEDYDATA:user, and the comma after GREEDYDATA:sessionId too.