
GROK pattern for optional field


I have a log string like:

    2018-08-02 12:02:25.904 [http-nio-8080-exec-1] WARN  o.s.w.s.m.s.DefaultHandlerExceptionResolver.handleTypeMismatch - Failed to bind request element

In the above string, [http-nio-8080-exec-1] is an optional field; it can be there in some log statements.

I created a grok pattern like this, with some references on the net:

    %{TIMESTAMP_ISO8601:timestamp} (\[%{DATA:thread}\])? %{LOGLEVEL:level}%{SPACE}%{JAVACLASS:class}\.%{DATA:method} - %{GREEDYDATA:loggedString}

It seems it's not working if I remove the thread name string.


Solution

  • You need to make the space character following the thread name optional: (\[%{DATA:thread}\] )?

    input:

    2018-08-02 12:02:25.904 WARN  o.s.w.s.m.s.DefaultHandlerExceptionResolver.handleTypeMismatch - Failed to bind request element
    

    pattern:

    %{TIMESTAMP_ISO8601:timestamp} (\[%{DATA:thread}\] )?%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:class}\.%{DATA:method} - %{GREEDYDATA:loggedString}
    

    output:

    {
      "loggedString": "Failed to bind request element",
      "method": "handleTypeMismatch",
      "level": "WARN",
      "class": "o.s.w.s.m.s.DefaultHandlerExceptionResolver",
      "timestamp": "2018-08-02 12:02:25.904"
    }
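
Added example, not part of the original question or answer: a small Ruby harness that runs both patterns from this page against both log lines, showing that the question's pattern needs two spaces after the timestamp when the thread is missing. The `GROK` table holds simplified stand-ins for the stock grok definitions (an assumption, not Logstash's exact patterns), and `compile_grok` / `grok_match` are hypothetical helper names.

```ruby
# Simplified stand-ins for the stock grok definitions (assumptions, not the
# exact Logstash patterns); they cover only what this log format needs.
GROK = {
  "TIMESTAMP_ISO8601" => '\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?',
  "LOGLEVEL"   => '(?:TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL)',
  "JAVACLASS"  => '(?:[A-Za-z$_][\w$]*\.)*[A-Za-z$_][\w$]*',
  "SPACE"      => '\s*',
  "DATA"       => '.*?',
  "GREEDYDATA" => '.*',
}.freeze

# The two patterns from the page: the question's, then the answer's.
ORIGINAL = '%{TIMESTAMP_ISO8601:timestamp} (\[%{DATA:thread}\])? %{LOGLEVEL:level}%{SPACE}%{JAVACLASS:class}\.%{DATA:method} - %{GREEDYDATA:loggedString}'
FIXED    = '%{TIMESTAMP_ISO8601:timestamp} (\[%{DATA:thread}\] )?%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:class}\.%{DATA:method} - %{GREEDYDATA:loggedString}'

# The two log lines from the page, with and without the thread field.
WITH_THREAD    = '2018-08-02 12:02:25.904 [http-nio-8080-exec-1] WARN  o.s.w.s.m.s.DefaultHandlerExceptionResolver.handleTypeMismatch - Failed to bind request element'
WITHOUT_THREAD = '2018-08-02 12:02:25.904 WARN  o.s.w.s.m.s.DefaultHandlerExceptionResolver.handleTypeMismatch - Failed to bind request element'

# Expand %{NAME:field} into a named group and %{NAME} into a plain group.
# Like grok, the resulting regex is not anchored to the start of the line.
def compile_grok(pattern)
  body = pattern.gsub(/%\{(\w+)(?::(\w+))?\}/) do
    sub = GROK.fetch($1)
    $2 ? "(?<#{$2}>#{sub})" : "(?:#{sub})"
  end
  Regexp.new(body)
end

# Return the captured fields (absent optional fields dropped), or nil
# when the line does not match at all.
def grok_match(pattern, line)
  m = compile_grok(pattern).match(line)
  m && m.named_captures.compact
end

# Print the result of every pattern/line combination.
[ORIGINAL, FIXED].each do |pat|
  [WITH_THREAD, WITHOUT_THREAD].each { |line| p grok_match(pat, line) }
end
```

A `nil` result here corresponds to an event that Logstash's grok filter would tag `_grokparsefailure` by default, so the line would reach the index without its fields parsed.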