I am trying to parse Tomcat logs using the GROK filter. My logs have the format below:
03/14/18 02:01:26 Event Created in BPPM: 512461 in 6ms
The last field, 6ms, is the average response time of the app, which I want to have as an INTEGER so that it is aggregatable in Kibana. How can I achieve this using GROK?
You can do it like this:
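grok {
  # Capture the number before "ms" as response_time (grok captures are strings by default)
  match => ["message", "%{DATE:date} %{TIME:time} %{DATA:message}: %{WORD:some_id} in %{NUMBER:response_time}ms"]
}
mutate {
  # Convert the captured string to an integer so Kibana can aggregate on it
  convert => {"response_time" => "integer" }
}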
This should work. Let me know if it worked for you. Thanks!
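A fuller filter block for the same log line, as an added example that is not part of the original answer: it casts the value inline with grok's `:int` suffix instead of a separate mutate step, parses the log's own timestamp, and tags lines that fail to match. The field names (`log_timestamp`, `event_text`, `event_id`, `response_time_ms`), the tag name, the UTC time zone and the use of `INT` for the id are assumptions made for illustration.

```logstash
filter {
  grok {
    # Sample line from the question that this pattern targets:
    #   03/14/18 02:01:26 Event Created in BPPM: 512461 in 6ms
    # The ":int" suffix casts the capture at match time (grok supports
    # int and float), so no mutate/convert step is needed.
    # Captures go into new field names (all assumed) rather than into
    # "message", so the original line is left untouched.
    match => {
      "message" => "^(?<log_timestamp>%{DATE_US} %{TIME}) %{DATA:event_text}: %{INT:event_id} in %{INT:response_time_ms:int}ms"
    }
    # Non-matching lines get this tag (assumed name) so they can be found
    # in Kibana instead of silently lacking the numeric field.
    tag_on_failure => ["_grokparsefailure_tomcat"]
  }

  if "_grokparsefailure_tomcat" not in [tags] {
    date {
      # Two-digit year and 24-hour clock, as in the sample line.
      match => ["log_timestamp", "MM/dd/yy HH:mm:ss"]
      target => "@timestamp"
      # Assumption: the application logs in UTC; set its real zone here.
      timezone => "UTC"
      remove_field => ["log_timestamp"]
    }
  }
}
```

If an index already holds a field with the same name mapped as text, Elasticsearch keeps that mapping for that index; the integer type only takes effect in a new index or under a new field name such as the one used here.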