I´m trying to extract the number of ms in this logline
20190726160424 [INFO] [concurrent/forasdfMES-managedThreadFactory-Thread-10] - Metricsdceptor: ## End of call: Historirrtory.getHistrrOrder took 2979 ms
The problem is, that not all loglines contain that string Now I want to extract it optionally into a duration field. I tried this, but nothing happend .... no error, but also no result.
grok
{
match => ["message", "(took (?<duration>[\d]+) ms)?"]
}
What I´m I doing wrong ?
Thanks guys !
A solution would be to only apply the grok filter on the log lines ending with ms. It can be done using conditionals in your configuration.
if [message] =~ /took \d+ ms$/ {
grok {
match => ["message", "took %{NUMBER:duration} ms"]
}
}