I received an exercise. I have two log examples:
"Critical Machine_5 I have a really severe issue 42"
"Medium Machine_3 everything is fine 244"
I need to apply Grok patterns in order to map 4 fields: "severity", "server", "text", "latency".
I am not a specialist in this field, but as I understood it, the logs should be transformed into the following:
severity: Critical / Medium,
server: Machine_5 / Machine_3,
text: I have a really severe issue / everything is fine,
latency: 42 / 244
The following code returns "Critical" for the first log, but doesn't work for the second.
%{LOGLEVEL:severity}
I use the Grok debugger in order to check the approaches. I know this is not a 5-minute conversation, but could you help me solve the issue and understand the general idea?
So, the solution was to define the correct patterns, as @leandrojmp advised in the comments.
Solution: %{WORD:severity} %{WORD:server} %{GREEDYDATA:text} %{WORD:latency}
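To show why %{LOGLEVEL:severity} matches only the first line and how the four-field solution captures both, here is an added Python example that is not part of the original post or of Logstash: it expands grok references against a small, simplified copy of the default pattern library using Python's re module (Logstash uses Oniguruma, and the real BASE10NUM/LOGLEVEL definitions are longer), and swaps %{WORD:latency} for %{NUMBER:latency:int} so that latency is stored as an integer.

```python
import re
# Constructed, simplified subset of Logstash's default grok pattern library
# (the real BASE10NUM uses atomic groups and lookbehinds; dropped here).
PATTERNS = {
    "WORD": r"\b\w+\b",
    "NUMBER": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?|\.[0-9]+)",
    "GREEDYDATA": r".*",
    # LOGLEVEL knows only syslog-style level names; "Medium" is not one of them,
    # so %{LOGLEVEL:severity} matches "Critical" but fails on the second line.
    "LOGLEVEL": r"(?:[Dd]ebug|DEBUG|[Ii]nfo|INFO|[Ww]arn(?:ing)?|WARN(?:ING)?"
                r"|[Ee]rr(?:or)?|ERR(?:OR)?|[Cc]rit(?:ical)?|CRIT(?:ICAL)?|[Ff]atal|FATAL)",
}
REF = re.compile(r"%\{(\w+)(?::(\w+))?(?::(int|float))?\}")  # %{NAME:field:type}
CONVERT = {"int": int, "float": float}


def compile_grok(expr, patterns=PATTERNS):
    """Expand %{NAME:field:type} references into a Python named-group regex;
    returns the compiled regex plus the per-field type conversions."""
    types = {}
    def expand(m):
        name, field, typ = m.groups()
        if name not in patterns:
            raise KeyError(f"unknown grok pattern {name}")
        body = REF.sub(expand, patterns[name])  # patterns may nest other patterns
        if not field:
            return f"(?:{body})"
        if typ:
            types[field] = CONVERT[typ]
        return f"(?P<{field}>{body})"

    return re.compile(REF.sub(expand, expr)), types


def grok_match(expr, line):
    """Return captured fields as a dict, or None when the line does not match.
    Like Logstash grok, the expression is not anchored to the start of the line."""
    regex, types = compile_grok(expr)
    m = regex.search(line)
    if not m:
        return None
    return {k: types.get(k, str)(v) for k, v in m.groupdict().items()}


# Constructed sample lines from the question; NUMBER:int replaces WORD for latency,
# so a line whose last token is not numeric fails to match instead of being accepted.
LOGS = ["Critical Machine_5 I have a really severe issue 42",
        "Medium Machine_3 everything is fine 244"]
SOLUTION = "%{WORD:severity} %{WORD:server} %{GREEDYDATA:text} %{NUMBER:latency:int}"
```

Calling grok_match(SOLUTION, line) on each sample returns the four fields with latency as an int, while grok_match("%{LOGLEVEL:severity}", LOGS[1]) returns None.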