
grok filter for processing log4j logs pattern in Logstash


I am stuck finding a grok filter for processing the conversion pattern %d{HH:mm:ss.SSS} %-5p [%t][%c] %m%n in log4j logs.

Here is an example log entry:

2018-02-12 12:10:03 INFO classname:25 - Exiting application.
2017-12-31 05:09:06 WARN foo:133 - Redirect Request : login
2015-08-19 08:07:03 INFO  DBConfiguration:47 - Initiating DynamoDb Configuration...
2016-02-12 11:06:49 ERROR foo:224 - Error Code : 500

Can anyone help in finding the Logstash grok filter?


Solution

  • Here I found the filter for your log4j pattern.

    filter {
      # Collapse embedded newlines so a multi-line event is matched as one line
      mutate {
        gsub => ['message', "\n", " "]
      }

      # Extract timestamp, log level, calling class, line number and message text
      grok {
        match => { "message" => "(?<date>[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}) (?:%{LOGLEVEL:loglevel}) +(?:%{WORD:caller_class}):(?:%{NONNEGINT:caller_line}) - (?:%{GREEDYDATA:msg})" }
      }
    }
    

    However, this is specific to the above log.
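
Added example, not part of the original answer: a Python harness that hand-expands the answer's grok expression into a regex, checks it against the sample lines from the question, and adds a second regex for the `%d{HH:mm:ss.SSS} %-5p [%t][%c] %m%n` layout the question names, which the answer's filter does not match. The `LEVELS` alternation is a simplified stand-in for grok's `LOGLEVEL`, and the `[main][com.example.App]` line is constructed.

```python
import re

# Simplified stand-in for grok's LOGLEVEL pattern (assumption: the real one
# accepts more spellings and case variants).
LEVELS = r"TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL"

# Hand-expanded equivalent of the grok expression in the answer.
DATED = re.compile(
    r"(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}) "
    rf"(?P<loglevel>{LEVELS}) +"
    r"(?P<caller_class>\b\w+\b):(?P<caller_line>\b[0-9]+\b) - "
    r"(?P<msg>.*)"
)

# Layout from the question: %d{HH:mm:ss.SSS} %-5p [%t][%c] %m%n
# %-5p pads the level to 5 characters, hence " +" before the first bracket.
CONVERSION = re.compile(
    r"(?P<time>[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}) "
    rf"(?P<loglevel>{LEVELS}) +"
    r"\[(?P<thread>[^\]]*)\]\[(?P<logger>[^\]]*)\] "
    r"(?P<msg>.*)"
)

def parse(line):
    """Return (layout, fields); (None, {}) is where Logstash tags _grokparsefailure."""
    line = line.replace("\n", " ")  # mutate/gsub step; "." would stop at a newline
    for name, rx in (("dated", DATED), ("conversion", CONVERSION)):
        m = rx.search(line)  # grok matches unanchored, like re.search
        if m:
            return name, m.groupdict()
    return None, {}

# Sample input: the four lines from the question, then three constructed lines.
SAMPLES = [
    "2018-02-12 12:10:03 INFO classname:25 - Exiting application.",
    "2017-12-31 05:09:06 WARN foo:133 - Redirect Request : login",
    "2015-08-19 08:07:03 INFO  DBConfiguration:47 - Initiating DynamoDb Configuration...",
    "2016-02-12 11:06:49 ERROR foo:224 - Error Code : 500",
    "2016-02-12 11:06:49 ERROR foo:224 - Error Code : 500\nretrying",
    "12:10:03.123 INFO  [main][com.example.App] Exiting application.",
    "not a log4j line",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s))
```
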