Grok patterns logstach custom

Question

hello im trying to get grok patern of this :

2589522 HARS-X6790  2022-08-05 08:55:15 --EX: SCR45778554 ID '346402454540629' 

%{NUMBER:ligne} %{TIMESTAMP_ISO8601:syslog_timestamp} %{GREEDYDATA:syslog_message}

Result :

{

"ligne": "6790",

"syslog_timestamp": "2019-08-05 08:55:15",

"syslog_message": "--EX: SCR 45778554 ID '346402454540629'"

}

i need to add this HARS-X6790 to the grok ? thanks

Answer 1

You can try DATA

%{NUMBER:ligne} %{DATA:stuff} %{TIMESTAMP_ISO8601:syslog_timestamp} %{GREEDYDATA:syslog_message}

You can check what DATA captures here or here