logstash, logstash-grok, logstash-configuration

How to write the Logstash output config to get ABC,AD_EF,123?


My log format is:

XXX: 03-20 17:52:28:  XXX. * 0 XXX [XXX] [X XX: X]:XXX\tABC:AD_EF:123\t0\tXXXXXXXXXXXXXXXX\tXXXXXXXXXXXXXXXXXXX

How do I write the Logstash output config to get ABC, AD_EF, 123?

Output example: good,ABC,DEF,123

output {
    file {
        path  => "/xxx/xxx/xxx/output.txt"
        codec => plain {
            format => "good,ABC,DEF,123"   # how to write this regular expression????
        }
        flush_interval => 0
    }
}

Solution

  • Thanks for all the help, but maybe I made a mistake. Finally, I got the answer to my question:

    filter {
        grok {
            match => {
                "message" => "XXX\t(?<field1>\w+?):(?<field2>\w+?):(?<field3>\d+?)\t"
            }
        }
    }
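
The filter above only extracts the three fields; the output side still has to reference them. The following is an added example, not part of the original post, that pairs the same grok pattern with a file output using `%{field}` references and routes lines that fail to match to a separate file. The `unparsed.txt` path is a hypothetical placeholder, and the `line` codec is an assumption chosen so each event ends with a newline.

```logstash
filter {
  grok {
    # Same pattern as in the answer above.
    match => {
      "message" => "XXX\t(?<field1>\w+?):(?<field2>\w+?):(?<field3>\d+?)\t"
    }
    # This is the default failure tag; set explicitly so the
    # conditional in the output section is self-explanatory.
    tag_on_failure => ["_grokparsefailure"]
  }
}

output {
  if "_grokparsefailure" not in [tags] {
    file {
      path => "/xxx/xxx/xxx/output.txt"
      # %{fieldN} is replaced with the value captured by grok.
      codec => line { format => "good,%{field1},%{field2},%{field3}" }
      flush_interval => 0
    }
  } else {
    # Lines that did not match the pattern: keep the raw message
    # instead of writing unresolved "%{field1}" text to output.txt.
    file {
      path => "/xxx/xxx/xxx/unparsed.txt"   # hypothetical path
      codec => line { format => "%{message}" }
      flush_interval => 0
    }
  }
}
```

Without the conditional, an event that fails the grok match is still written to `output.txt`, with the `%{field1}` references left as literal text.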