An example log entry is:
{"datetime":"2016-08-03T18:47:45.2747784Z","level":"Debug","name":"Platform.Data.InstanceProvider","message":"InstanceProvider(ce553f62-f207-41db-aa3d-6d3f74b18df4) returned the cached instance.", "requesterIp":"","threadid":"32"}
And the entire thing is put under the message field. I want fields for
Date, Level, Name, Message, RequesterIp, and Threadid. I see that I cannot
cut from the message so I've tried GROK parsing with copy.
%{YEAR}[-]%{MONTHNUM2}[-]%{MONTHDAY}[T]%{HOUR}[:]%{MINUTE}[:]%{SECOND}
but I cannot get beyond that. I've tried continuing with
[,]%{WORD:name}[,]%{WORD:message}
but it fails. Any suggestions on how I can continue on for the remaining
fields? Or is GROK not the optimal way to parse?
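The log entry in the question is a JSON object, so a JSON parser can split it into the six requested fields without a Grok pattern. The following is an added example, not part of the original post and not Graylog configuration; the function names, the field mapping and the handling of the 7-digit fractional timestamp are assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: the log entry from the post, joined onto one line.
SAMPLE = ('{"datetime":"2016-08-03T18:47:45.2747784Z","level":"Debug",'
          '"name":"Platform.Data.InstanceProvider",'
          '"message":"InstanceProvider(ce553f62-f207-41db-aa3d-6d3f74b18df4) '
          'returned the cached instance.", "requesterIp":"","threadid":"32"}')

# JSON key -> output field name requested in the post.
FIELD_MAP = {"datetime": "Date", "level": "Level", "name": "Name",
             "message": "Message", "requesterIp": "RequesterIp",
             "threadid": "Threadid"}

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_timestamp(value):
    """Parse a UTC timestamp with any number of fractional digits (the sample has 7)."""
    m = _TS.match(value)
    if not m:
        raise ValueError("unexpected timestamp: %r" % value)
    micros = (m.group(2) or "")[:6].ljust(6, "0")  # datetime keeps 6 digits
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=int(micros), tzinfo=timezone.utc)

def extract_fields(raw):
    """Return the six fields as a dict, or None if raw is not a JSON object."""
    try:
        doc = json.loads(raw)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return None
    if not isinstance(doc, dict):
        return None
    out = {new: doc.get(old) for old, new in FIELD_MAP.items()}
    if isinstance(out["Date"], str):
        out["Date"] = parse_timestamp(out["Date"])
    if isinstance(out["Threadid"], str) and out["Threadid"].isdigit():
        out["Threadid"] = int(out["Threadid"])
    out["RequesterIp"] = out["RequesterIp"] or None  # empty string -> None
    return out

if __name__ == "__main__":
    for key, value in extract_fields(SAMPLE).items():
        print(key, "=", value)
```

Lines that are not a JSON object come back as None, so non-JSON messages on the same input can be routed to a different parser instead of producing partial fields.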