I'm trying to get the grok pattern for the following web log line:
[2020-12-14 10:44:57,598: INFO/ForkPoolWorker-1] Task celery.chord_unlock[1f93d444-835f-4ff4-b730-915b0f17f9ab] retry: Retry in 1s
and this is the pattern I've got:
%{DATESTAMP:timestamp},%{INT:pid}:\s%{DATA:loglevel}%{GREEDYDATA:message}
which simulates this:
{
  "timestamp": [
    "20-12-14 10:44:57"
  ],
  "pid": [
    "598"
  ],
  "loglevel": [
    ""
  ],
  "message": [
    "INFO / ForkPoolWorker-1] Task celery.chord_unlock [1f93d444-835f-4ff4-b730-915b0f17f9ab] retry: Retry in 1s"
  ]
}
I hope this is a better one for you:
%{DATESTAMP:timestamp},%{INT:pid}: %{DATA:loglevel}/%{DATA:worker}] %{GREEDYDATA:message}
Build it using the grok debugger and cheat-sheet.
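Why the question's pattern leaves loglevel empty while the answer's fills it, as an added example that is not part of the original posts: both patterns are expanded into Python regexes and run against the log line from the question. The grok definitions below are simplified stand-ins (an assumption; the real DATESTAMP is more permissive), and `grok_to_regex` and `grok_match` are hypothetical helper names.

```python
import re

# Log line from the question.
LINE = ("[2020-12-14 10:44:57,598: INFO/ForkPoolWorker-1] "
        "Task celery.chord_unlock[1f93d444-835f-4ff4-b730-915b0f17f9ab] "
        "retry: Retry in 1s")

# Simplified stand-ins for the grok definitions (assumption, not the full
# library patterns). The key point: DATA is lazy, GREEDYDATA is greedy.
GROK = {
    "DATESTAMP": r"\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}",
    "INT": r"[+-]?[0-9]+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
}

def grok_to_regex(pattern):
    """Expand %{NAME:field} references into Python named groups."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

def grok_match(pattern, line):
    """Unanchored search, like grok; returns captured fields or None."""
    m = grok_to_regex(pattern).search(line)
    return m.groupdict() if m else None

# Pattern from the question: lazy DATA is followed directly by GREEDYDATA,
# so DATA matches the empty string and GREEDYDATA takes everything.
QUESTION = (r"%{DATESTAMP:timestamp},%{INT:pid}:\s"
            r"%{DATA:loglevel}%{GREEDYDATA:message}")

# Pattern from the answer: the literal "/" and "] " after each DATA force
# the lazy match to extend up to that delimiter.
ANSWER = (r"%{DATESTAMP:timestamp},%{INT:pid}: "
          r"%{DATA:loglevel}/%{DATA:worker}] %{GREEDYDATA:message}")

if __name__ == "__main__":
    for name, pat in (("question", QUESTION), ("answer", ANSWER)):
        print(name, grok_match(pat, LINE))
```

With both patterns the timestamp is captured as `20-12-14 10:44:57` and `598` lands in `pid`, matching the simulated output shown in the question.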