syslog
luxter, 2017-04-03 10:39:21

How to parse log (Logstash, grok patterns)?

Good day! There is this log:

<13>1 2017-04-03T10:02:02+03:00 192.168.0.163 - - - - <14> <smg1016m> 10:00:27.350841 [INFO] alarm-led: set [green]<->[green] [0]

Everything is filtered through Logstash and sent to ES + Kibana, but the result is not readable at all. The standard grok patterns stumble on this log.
For all the main logs I split them like this:
<%{NONNEGINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}
and everything is fine, but when there are runs of dashes and other such symbols, they break everything. What should I do?
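The line in the question is an RFC 5424 syslog message, not the BSD-style (RFC 3164) format the pattern above expects: after `<13>` comes the version digit `1`, an ISO 8601 timestamp, the host, and then APP-NAME, PROCID, MSGID and STRUCTURED-DATA, each given as the nil value `-`. SYSLOGTIMESTAMP wants something like `Apr  3 10:02:02`, so grok fails on the very first character after the priority, long before the dashes. The following added example (written for this page, not code from the asker or from Logstash) is a minimal grok-to-regex expander in Python with hand-written approximations of the base patterns it uses (an assumption; they are simplified stand-ins, not copies of logstash-patterns-core). It shows the original pattern failing on the sample line, then parses the line in two stages: the RFC 5424 header first, then the device's own `<14> <smg1016m> ...` payload inside the message field, and it strips nil `-` fields so they do not land in Elasticsearch as the literal string "-".

```python
import re

# Constructed samples: the first is the line quoted in the question, the second
# is a made-up BSD-style (RFC 3164) line for comparison.
SAMPLE_5424 = ("<13>1 2017-04-03T10:02:02+03:00 192.168.0.163 - - - - "
               "<14> <smg1016m> 10:00:27.350841 [INFO] alarm-led: set [green]<->[green] [0]")
SAMPLE_3164 = "<13>Apr  3 10:02:02 myhost sshd[1234]: Accepted publickey for admin"

# Simplified stand-ins for the grok base patterns used below (assumption: these
# approximate logstash-patterns-core; they are not copied from it).
GROK_BASE = {
    "NONNEGINT": r"[0-9]+",
    "POSINT": r"[1-9][0-9]*",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "IPORHOST": r"[A-Za-z0-9_.:-]+",
    "SYSLOGHOST": r"[A-Za-z0-9_.:-]+",
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}",
    "TIMESTAMP_ISO8601": (r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}"
                          r"(?:\.[0-9]+)?(?:Z|[+-][0-9]{2}:[0-9]{2})"),
    "TIME": r"[0-9]{2}:[0-9]{2}:[0-9]{2}(?:\.[0-9]+)?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL|CRIT(?:ICAL)?|NOTICE)",
}

# The asker's RFC 3164 pattern, verbatim.
ORIGINAL_PATTERN = (r"<%{NONNEGINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} "
                    r"%{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}"
                    r"(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}")

# RFC 5424 header: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG.
# Caveat: STRUCTURED-DATA is matched with NOTSPACE, which is enough for the nil
# value "-" seen here; real SD elements such as [id@32473 k="v w"] contain spaces
# and need a dedicated pattern.
RFC5424_HEADER = (r"<%{NONNEGINT:syslog_pri}>%{NONNEGINT:syslog_version} "
                  r"%{TIMESTAMP_ISO8601:syslog_timestamp} %{IPORHOST:syslog_hostname} "
                  r"%{NOTSPACE:syslog_app} %{NOTSPACE:syslog_procid} "
                  r"%{NOTSPACE:syslog_msgid} %{NOTSPACE:syslog_sd} "
                  r"%{GREEDYDATA:syslog_message}")

# Second stage for the device's own payload inside MSG (field names are assumptions).
DEVICE_MSG = (r"<%{NONNEGINT:device_pri}> <%{DATA:device_name}> %{TIME:device_time} "
              r"\[%{LOGLEVEL:level}\] %{GREEDYDATA:event}")

GROK_TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern):
    """Expand %{NAME:field} tokens into Python named groups, anchored at both ends."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = GROK_BASE[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile("^" + GROK_TOKEN.sub(expand, pattern) + "$")


def parse(pattern, line):
    """Return the named fields as a dict, or None when the pattern does not match."""
    m = grok_to_regex(pattern).match(line)
    return m.groupdict() if m else None


def decode_pri(pri):
    """Split the syslog PRI value into (facility, severity): PRI = facility * 8 + severity."""
    pri = int(pri)
    return pri >> 3, pri & 7


def parse_device_syslog(line):
    """Two-stage parse: RFC 5424 header, then the device payload in the message field."""
    header = parse(RFC5424_HEADER, line)
    if header is None:
        return None
    body = parse(DEVICE_MSG, header["syslog_message"])
    if body is not None:
        header.update(body)
    facility, severity = decode_pri(header["syslog_pri"])
    header["syslog_facility"], header["syslog_severity"] = facility, severity
    # "-" is the RFC 5424 NILVALUE; drop such fields instead of indexing a literal "-".
    return {k: v for k, v in header.items() if v != "-"}


if __name__ == "__main__":
    print("original pattern on 5424 line:", parse(ORIGINAL_PATTERN, SAMPLE_5424))
    print("original pattern on 3164 line:", parse(ORIGINAL_PATTERN, SAMPLE_3164))
    for k, v in parse_device_syslog(SAMPLE_5424).items():
        print(f"{k:18} {v}")
```

In a Logstash pipeline the same idea is two `grok` filters in sequence: the first with the RFC 5424 header pattern on `message`, the second applied to the extracted `syslog_message`, followed by a `mutate` that removes fields equal to `-`. The expander above is only there to show why the original pattern fails and what the fixed patterns capture; the patterns themselves can be pasted into a grok filter as written.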
