Finding grok pattern for Log file

I have a log file in the following format :

net.ipv4.tcp_keepalive_time = 30

I tried to write a grok file, but am not able to correctly encode the = 30 part of the expression.

This is my implmentation so far :

%{WORD:word1}.%{WORD:word2}.%{WORD:word3}|%{SPACE:space}%{URIPARAM:sign}%{SPACE:space}%{NONNEGINT:num}

Solution

I hope either of these two pattern will help to solve your problem.

%{WORD:word1}.%{WORD:word2}.%{WORD:word3} = %{INT:number}

%{WORD:word1}.%{WORD:word2}.%{WORD:word3}\s\S\s%{INT:number}

I have used grok debugger https://grokdebug.herokuapp.com/ to create the pattern. Here is the screenshot of the output.