
GROK Pattern for Thread Name (LogStash 8.2.0)


I am new to LogStash. So I am learning GROK patterns and how to extract data from log lines. So I am using Logback to print log lines. The layout in the logback.xml is something like:

%date{dd/MM/YYYY HH:mm:ss.SSS ZZ} [%-5level] [%thread] %logger{40} - %msg%n%xThrowable

So it normally prints a log output in a file like:

07/06/2022 14:37:41.471 +0530 [WARN ] [main] com.cmt.trial.logging.LoggingTrial - Trying to log an warn

Now so far, I have got to:

%{DATE_EU:date} %{TIME:time} %{ISO8601_TIMEZONE:zone} \[%{LOGLEVEL:loglevel}.*]

Which does pull out the date, time, time zone and the log level. But I am not able to think of a way to extract [main] which is the thread name. Any pointers on this would be helpful.

Thanks in advance.


Solution

  • It is possible to use DATA (regex .*?) instead of GREEDYDATA (regex .*) (code here), knowing that the thread name is inside brackets, so something like

    %{DATE_EU:date} %{TIME:time} %{ISO8601_TIMEZONE:zone} \[%{LOGLEVEL:loglevel}\s*\] \[%{DATA:thread_name}\].*
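
The lazy-versus-greedy behaviour described in the answer, reproduced with Python's re module as an added example (not code from the question or the answer). It also checks the padding that %-5level puts inside the level bracket. The date, time, zone and level sub-patterns are simplified stand-ins for the grok definitions, the group name rest is hypothetical, and the second log line is constructed.

```python
import re

def build(thread=r".*?", pad=r"\s*"):
    """Regex equivalent of the grok expression, with the thread and padding parts swappable."""
    return re.compile(
        r"(?P<date>\d{2}/\d{2}/\d{4}) "          # stand-in for DATE_EU
        r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "   # stand-in for TIME
        r"(?P<zone>[+-]\d{4}) "                  # stand-in for ISO8601_TIMEZONE
        r"\[(?P<loglevel>[A-Z]+)" + pad + r"\] " # stand-in for LOGLEVEL plus padding
        r"\[(?P<thread_name>" + thread + r")\] (?P<rest>.*)"
    )

LAZY = build()                   # DATA (.*?): stops at the first closing bracket
GREEDY = build(thread=r".*")     # GREEDYDATA (.*): runs to the last closing bracket
FIXED_SPACE = build(pad=" ")     # one literal space before the closing bracket

# Log line from the question.
PAGE_LINE = ("07/06/2022 14:37:41.471 +0530 [WARN ] [main] "
             "com.cmt.trial.logging.LoggingTrial - Trying to log an warn")
# Constructed line: five-letter level (no padding) and brackets inside the message.
ERROR_LINE = ("07/06/2022 14:37:42.010 +0530 [ERROR] [http-nio-8080-exec-1] "
              "com.cmt.trial.logging.LoggingTrial - lookup failed for ids [1, 2] retrying")

def parse(line, pattern=LAZY):
    """Return the captured fields as a dict, or None when the line does not match."""
    m = pattern.match(line)
    return m.groupdict() if m else None

if __name__ == "__main__":
    for name, pattern in (("lazy", LAZY), ("greedy", GREEDY), ("fixed space", FIXED_SPACE)):
        for line in (PAGE_LINE, ERROR_LINE):
            fields = parse(line, pattern)
            print(name, "->", fields["thread_name"] if fields else "no match")
```

In Logstash a line that fails to match is tagged _grokparsefailure by default, so counting that tag after a pattern change shows which levels or thread names the expression misses.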