
Why my code doesn't work in grok debugger


I'm new to this site and I'm starting to learn how to use Logstash. Grok Debugger returns "Compile error" for this log line:

[29/02/2020 07:34:27.805] - sc879537 - 10.107.192.25 - 12 - Transaction 2659 COMPLETED 6849 ms wait time 3597 

Here's my code :

filter {
  grok {
    match => {
      "message" => ["\[%{LOGDATE:logdate}\] \- %{USERNAME:user} \- %{IP:clientip} \- %{NUMBER} \- %{WORD} %{NUMBER:exectime} %{WORD} %{WORD} %{WORD} %{NUMBER:waittime}"]
    }
  }

  date {
    match => [ "logdate", "MM/dd/YYYY HH:mm:ss.SSS" ]
  }
}

Solution

  • Please find below the grok pattern that will match your log pattern.

    \[%{DATESTAMP:logdate}\] \- %{USERNAME:user} \- %{IPV4:clientip} \- %{NUMBER} \- %{WORD} %{NUMBER:exectime} %{WORD} %{NUMBER:time} %{GREEDYDATA:data} %{NUMBER:waittime}
    

    I have used the grok debugger to verify the grok pattern. Please find below the output of the grok pattern.

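The difference between the two patterns can be checked offline with a small grok-to-regex expander; this is an added example, not code from the question or the answer. The pattern bodies are simplified stand-ins for the stock grok definitions, and it assumes `LOGDATE` is not defined in the pattern set the debugger loaded (consistent with the answer swapping it for `DATESTAMP`); `grok_to_regex`, `grok_match` and `parse_logdate` are hypothetical helper names.

```python
import re
from datetime import datetime

# Simplified stand-ins for the stock grok definitions (assumption: the real
# ones are stricter). LOGDATE is deliberately absent (assumed undefined).
PATTERNS = {
    "DATESTAMP": r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}[- ]\d{1,2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "WORD": r"\b\w+\b",
    "GREEDYDATA": r".*",
}
PATTERNS["IP"] = PATTERNS["IPV4"]  # IPv6 branch omitted in this sketch

class GrokCompileError(ValueError):
    """Raised when an expression references an undefined pattern name."""

def grok_to_regex(expr):
    """Expand %{NAME} / %{NAME:field} references into a compiled regex."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in PATTERNS:
            raise GrokCompileError(f"pattern %{{{name}}} not defined")
        body = PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, expr))

def grok_match(expr, line):
    """Return the named captures for line, or None when nothing matches."""
    m = grok_to_regex(expr).search(line)
    return m.groupdict() if m else None

def parse_logdate(value):
    # Day comes first in the sample line (29/02/2020), so the format is
    # day/month/year; a month-first format cannot parse month "29".
    return datetime.strptime(value, "%d/%m/%Y %H:%M:%S.%f")

# Log line and both patterns copied from the page.
LINE = "[29/02/2020 07:34:27.805] - sc879537 - 10.107.192.25 - 12 - Transaction 2659 COMPLETED 6849 ms wait time 3597 "
QUESTION = r"\[%{LOGDATE:logdate}\] \- %{USERNAME:user} \- %{IP:clientip} \- %{NUMBER} \- %{WORD} %{NUMBER:exectime} %{WORD} %{WORD} %{WORD} %{NUMBER:waittime}"
ANSWER = r"\[%{DATESTAMP:logdate}\] \- %{USERNAME:user} \- %{IPV4:clientip} \- %{NUMBER} \- %{WORD} %{NUMBER:exectime} %{WORD} %{NUMBER:time} %{GREEDYDATA:data} %{NUMBER:waittime}"

if __name__ == "__main__":
    try:
        grok_to_regex(QUESTION)
    except GrokCompileError as e:
        print("question pattern:", e)
    fields = grok_match(ANSWER, LINE)
    print(fields, parse_logdate(fields["logdate"]))
```

With the answer's pattern, `exectime` captures the number after "Transaction" and the number before "ms" lands in `time`, so check the field names against what each number means before alerting or charting on them.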