2017-08-09T12:01:43.049963+05:30 55.3.244.1 11235 GET
This is my log data.
I am trying to filter this data using custom patterns. I am getting a "_grokparsefailure" error.
My pattern file data is:
TIMESTAMP_LOG [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{6}\+[0-9]{2}:[0-9]{2}
My filter is:
filter {
  grok {
    patterns_dir => ["./patterns"]
    match => { "message" => "%{TIMESTAMP_LOG:time} %{IP:client} %{NUMBER:bytes} %{WORD:method}" }
  }
}
Can anyone help me find where I have gone wrong? Thanks.
Your timestamp is actually of a standard format - ISO8601. So instead of having your custom pattern for the timestamp, you can use one built into Logstash. I tested this grok pattern and it worked with your sample log:
%{TIMESTAMP_ISO8601:time} %{IP:client} %{NUMBER:bytes} %{WORD:method}
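
To see which token causes a `_grokparsefailure`, the grok expression can be grown one token at a time against the sample line. This is an added example, not part of either post: the IP, NUMBER, WORD and TIMESTAMP_ISO8601 regexes are simplified stand-ins assumed for illustration rather than the definitions Logstash ships, and the helper names are hypothetical.

```python
import re

# Simplified stand-ins for grok's built-in patterns (assumptions, not the
# definitions Logstash ships); TIMESTAMP_LOG is copied from the question.
PATTERNS = {
    "TIMESTAMP_LOG": r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{6}"
                     r"\+[0-9]{2}:[0-9]{2}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}"
                         r"(?::\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "WORD": r"\b\w+\b",
}
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")

LINE = "2017-08-09T12:01:43.049963+05:30 55.3.244.1 11235 GET"  # from the post
QUESTION = "%{TIMESTAMP_LOG:time} %{IP:client} %{NUMBER:bytes} %{WORD:method}"
ANSWER = "%{TIMESTAMP_ISO8601:time} %{IP:client} %{NUMBER:bytes} %{WORD:method}"


def to_regex(grok):
    """Expand each %{NAME:field} reference into a named capture group."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return TOKEN.sub(expand, grok)


def grok_match(grok, line):
    """Return the captured fields, or None (the _grokparsefailure case)."""
    m = re.search(to_regex(grok), line)
    return m.groupdict() if m else None


def first_failing_token(grok, line):
    """Grow the expression one token at a time; return the token that breaks it."""
    for tok in TOKEN.finditer(grok):
        if not re.search(to_regex(grok[:tok.end()]), line):
            return tok.group(0)
    return None


if __name__ == "__main__":
    # The seconds field is "43.049963"; ":[0-9]{6}" wants six digits right
    # after the colon, so the custom timestamp is the token that fails.
    print(first_failing_token(QUESTION, LINE))
    print(grok_match(ANSWER, LINE))
```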