Hi,
I'm trying to filter the WebLogic log below using the Logstash grok filter.
[2015-02-24T19:17:31.238-05:00] [SOA1] [NOTIFICATION] []
[oracle.soa.b2b.engine] [tid: DaemonWorkThread: '4' of WorkManager:
'wm/SOAWorkManager'] [userId: <anonymous>] [ecid:
d070755914343597:13c3dcbc:14bb6caf2c7:-8000-0000000000000006,1:30619] [APP:
soa-infra] BatchRepositorygetCountBatchNames : tid = 176 conn =
[weblogic.jdbc.wrapper.JTAConnection_weblogic_jdbc_wrapper_XAConnection_oracle_jdbc_driver_LogicalConnection-SOADataSource-140550,
oracle.jdbc.driver.LogicalConnection@1a08b2a3]
[2015-02-24T19:18:03.358-05:00] [SOA1] [NOTIFICATION] []
[oracle.soa.adapter] [tid: DaemonWorkThread: '16' of WorkManager:
'wm/SOAWorkManager'] [userId: <anony
I tried both of the ways below to get it to work, but only the
TIMESTAMP_ISO8601:timestamp pattern is working and the remaining ones are not.
1.
input {
  stdin {
    type => "stdin-type"
  }
  file {
    type => "SOA1-diagnostic"
    path => [ "<Path>"]
  }
}
filter {
  multiline {
    type => "SOA1-diagnostic"
    pattern => "^\[%{TIMESTAMP_ISO8601\]"
    negate => true
    what => "previous"
  }
  grok {
    type => "SOA1-diagnostic"
    pattern => ["\[%{TIMESTAMP_ISO8601:timestamp}\]\s*\[%{WORD:Managed_Server}\]\s*%{GREEDYDATA:log_message}"]
    add_field => ["Log", "SOA1-diagnostic"]
  }
}
output {
  elasticsearch { host => <name> }
}
2.
input {
  stdin {
    type => "stdin-type"
  }
  file {
    type => "SOA1-diagnostic"
    path => [ "/mnt/orasoa2t/logs/soa2t_domain/SOA1-diagnostic.log"]
  }
}
filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:wls_timestamp} %{GREEDYDATA:log_message}" }
  }
}
output {
  elasticsearch { host => usncx135 }
}
Please assist me. Thanks in advance.
Regards,
Bharath
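
The bracketed layout of the entries quoted above, as an added Python example that is not part of the original post and is not a Logstash configuration: it joins continuation lines onto the entry they follow, then splits each entry into its header fields, its "[key: value]" attributes and the message. The regular expressions, function names and field names are assumptions drawn from the sample entries, and the input is constructed.

```python
import re

# A record starts on a line that opens with "[<ISO 8601 timestamp>]".
RECORD_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?[+-]\d{2}:\d{2}\]")
# Five leading bracketed fields, in the order seen in the post's sample.
HEADER = re.compile(
    r"\[(?P<timestamp>[^\]]+)\]\s*\[(?P<managed_server>[^\]]*)\]\s*"
    r"\[(?P<level>[^\]]*)\]\s*\[(?P<message_id>[^\]]*)\]\s*\[(?P<module>[^\]]*)\]\s*"
)
# Optional "[key: value]" attributes (tid, userId, ecid, APP) after the header.
ATTRIBUTE = re.compile(r"\[(?P<key>\w+):\s*(?P<value>[^\]]*)\]\s*")

# Constructed input: the post's first entry with its mail line wraps joined,
# then a made-up continuation line and a made-up second entry.
SAMPLE = [
    "[2015-02-24T19:17:31.238-05:00] [SOA1] [NOTIFICATION] [] [oracle.soa.b2b.engine] "
    "[tid: DaemonWorkThread: '4' of WorkManager: 'wm/SOAWorkManager'] [userId: <anonymous>] "
    "[ecid: d070755914343597:13c3dcbc:14bb6caf2c7:-8000-0000000000000006,1:30619] "
    "[APP: soa-infra] BatchRepositorygetCountBatchNames : tid = 176 conn = "
    "[weblogic.jdbc.wrapper.JTAConnection_weblogic_jdbc_wrapper_XAConnection_oracle_jdbc_"
    "driver_LogicalConnection-SOADataSource-140550, oracle.jdbc.driver.LogicalConnection@1a08b2a3]",
    "    continuation line (constructed)",
    "[2015-02-24T19:18:03.358-05:00] [SOA1] [NOTIFICATION] [] [oracle.soa.adapter] "
    "[APP: soa-infra] second entry (constructed)",
]

def group_records(lines):
    """Append each line that does not start a record to the previous record."""
    records = []
    for line in lines:
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += "\n" + line
    return records

def parse_record(record):
    """Return header fields, attributes and message as a dict, or None."""
    header = HEADER.match(record)
    if header is None:
        return None  # caller should keep and flag the raw record
    fields = header.groupdict()
    pos = header.end()
    while (attr := ATTRIBUTE.match(record, pos)) is not None:
        fields[attr["key"]] = attr["value"]
        pos = attr.end()
    fields["log_message"] = record[pos:]
    return fields
```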