Questions tagged [grok]
The grok tag has no usage guidance.
18 questions
0 votes, 0 answers, 65 views
Parse embedded XML in the log with Logstash
Logs are sent from Filebeat to Logstash and I write a pattern to parse them. Developers added logs that have embedded XML inside the logs and here is a sample:
2024-07-08 15:18:35,608 INFO |body=<?xml ...
0 votes, 1 answer, 997 views
Grok filter is not working properly
I have Filebeat 7.1 installed on a Debian server; this Filebeat sends data from files on this Debian server to a server with Logstash 7.6. Here are the config files:
Filebeat.yml:
#=====================...
3 votes, 0 answers, 1k views
How to apply grok to logs from syslog in telegraf?
In my current setup I am using Telegraf to ingest nginx logs from syslog and spit them out into influxdb. This works great.
Telegraf has support for grok log parsing. As far as I can tell it can be ...
0 votes, 1 answer, 1k views
Grok filter for Cisco ASA
How can I get the port from Cisco ASA syslog using a grok pattern?
I have tried some methods and it's not working. We are using Graylog for collecting log data.
E.g. log:
%ASA-6-301014: Teardown TCP ...
1 vote, 1 answer, 158 views
ELK Logs from application disappearing when grok rules are enabled
We have two instances of an application (same application, different database), let's call them app1 and app2. The route the logs take is:
appX runs filebeat, which picks up the application's log file ...
1 vote, 1 answer, 3k views
Logstash grok / multiline confusion
My real patterns are more complex but I have tried to boil the problem down to the core issue. Something I don't understand.
Please try this out on http://grokconstructor.appspot.com/do/match
I'm ...
1 vote, 1 answer, 2k views
Logstash multiline codec for Java stacktraces
The logstash documentation indicates that you can collapse the multiple indented lines in a Java stacktrace log entry into a single event using the multiline codec:
https://www.elastic.co/guide/en/...
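The grouping rule the multiline codec applies can be checked offline before it goes into a Logstash config. The following is an added example written for this page, not code from the question above or from Logstash itself: it reproduces the what => "previous" behaviour in plain Python and compares the documentation's pattern => "^\s" rule with the negate-a-timestamp rule. The log lines are constructed for the example, and the timestamp regex is an assumption that matches their "YYYY-MM-DD HH:MM:SS,mmm" layout.

```python
r"""Group Java stack-trace lines into one event, the way Logstash's
multiline codec does with what => "previous".

Added example, not code from any question on this page or from Logstash.
Two rules are compared on the same constructed input:
  * whitespace_rule        ~ pattern => "^\s", what => "previous"
  * negate_timestamp_rule  ~ pattern => "^<timestamp>", negate => true,
                             what => "previous"
"""
import re

# Assumed timestamp layout of the application log (matches the sample below).
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")


def whitespace_rule(line):
    # Indented lines continue the previous event; anything else starts a new one.
    return line[:1].isspace()


def negate_timestamp_rule(line):
    # Every line that does NOT begin a new timestamped record continues the event.
    return TIMESTAMP.match(line) is None


def collapse_multiline(lines, is_continuation):
    """Join continuation lines onto the preceding line; return one string per event."""
    events, current = [], []
    for line in lines:
        if current and is_continuation(line):
            current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    # Flush the final event. A streaming codec cannot know the last line has
    # arrived, which is why the real codec offers a flush timeout
    # (auto_flush_interval); without it the last stack trace waits indefinitely.
    if current:
        events.append("\n".join(current))
    return events


# Constructed sample: three records, the middle one followed by a Java stack
# trace whose first line (the exception class) is NOT indented.
SAMPLE_LOG = (
    "2024-07-08 15:18:35,608 INFO  Request handled in 12 ms\n"
    "2024-07-08 15:18:36,001 ERROR Unhandled exception\n"
    "java.lang.NullPointerException: name is null\n"
    "\tat com.example.Service.handle(Service.java:42)\n"
    "\tat com.example.Main.main(Main.java:7)\n"
    "2024-07-08 15:18:36,100 INFO  Shutting down\n"
)


def compare_rules(text=SAMPLE_LOG):
    """Event count produced by each rule for the same input."""
    lines = text.splitlines()
    return {
        "whitespace": len(collapse_multiline(lines, whitespace_rule)),
        "negate_timestamp": len(collapse_multiline(lines, negate_timestamp_rule)),
    }


if __name__ == "__main__":
    for event in collapse_multiline(SAMPLE_LOG.splitlines(), negate_timestamp_rule):
        print(repr(event))
    print(compare_rules())  # {'whitespace': 4, 'negate_timestamp': 3}
```

The "^\s" rule splits the unindented "java.lang.NullPointerException" line off into its own event, so the trace is separated from the ERROR record that caused it; the negate rule keeps the whole trace attached to that record. Whichever rule is chosen, the `_grokparsefailure` you see later in the pipeline often comes from the codec splitting events here, not from the grok pattern itself.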
1 vote, 0 answers, 670 views
Logstash syslog filter not applying to logs?
I'm looking through some syslog log files in my ELK stack and noticed that all the syslog_severity fields are 'notice', when I can verify in the log files that they are not 'notice'. Seems like ...
0 votes, 3 answers, 1k views
Logstash Grok Parsing Failed
I need to match this entry
2015/10/30 23:58:21 pid 22223 [email protected] 192.168.0.1 [p4/2012.2/LINUX26X86_64/536738] 'test-monitor show'
To match this I wrote this Regex
P4_DATE (?...
0 votes, 1 answer, 581 views
Logstash Grok Filter
I'm sure there is a simple solution to this but I'm new to working with Logstash.
The filter I'm trying to apply is for some firewall logs and I have a field that will either have a single or two values ...
0 votes, 0 answers, 3k views
F5 High Speed Logging and Logstash GROK
I'm trying to format logs straight from our F5 using HSL and Logstash.
I've copied the example configuration exactly from the site as it contains the majority of the information I wanted logstash ...
0 votes, 1 answer, 3k views
Logstash grok match pattern not working even though grok constructor says it is okay
I've been building some grok patterns to parse the /var/log/secure log file and everything has been working fine. I create the grok patterns at http://grokconstructor.appspot.com/ and even then test ...
2 votes, 2 answers, 6k views
Grok Issue with Multiple IP's in NginX Logstash
I've got an issue with logging from my webservers, which have an ELB and then a Varnish layer in front of the nginx layer.
Varnish is set up properly for X-Forwarded-For and logs come through normally with ...
0 votes, 1 answer, 2k views
Logstash is not processing MySQL logs correctly
As you can see, the message is not just the message, but also contains the date and timestamp.
...
This is the MySQL log: /var/log/mysql/error.log
150630 9:01:29 [Warning] Access denied for user '...
0 votes, 1 answer, 580 views
Logstash matching ceph client and server separation
So I have a fresh logstash install and I am trying to deploy logstash to get a handle on the logs.
I am going through and will eventually segment the logstash filters based on subsystem and ...
7 votes, 4 answers, 12k views
nginx error log Grok pattern
I am having trouble getting the following nginx error log message to parse in the grok debugger. I have a feeling there is a stupid trick that I should use but can't figure out what it may be.
...
1 vote, 1 answer, 1k views
Logstash continued grokking after _grokparsefailure
Good day,
(using logstash 1.4.2)
I'm trying to do something like:
filter {
  if [type] == "feed" {
    grok {
      match => [ "message", "%{COMBINEDAPACHELOG}" ]
      add_tag => [ "grokked", "web"...
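Several of the questions on this page (extracting the port from a Cisco ASA teardown line, a firewall field that carries one or two values, nginx access lines whose client field holds two X-Forwarded-For addresses, and what happens on `_grokparsefailure`) come down to the same mechanics: a grok expression is expanded into a regex with named groups, searched against the line, and either yields fields or a failure tag. The following is an added example written for this page, not code from any of the questions or from Logstash, Graylog or Telegraf. It implements that expansion in plain Python so a pattern can be tested offline. The base patterns are a simplified subset of the standard grok set, and every sample log line (the ASA message ID, addresses and ports included) is constructed for the example.

```python
"""Minimal grok-style pattern expander for testing patterns offline.

Added example, not code from any question on this page nor from
Logstash/Graylog/Telegraf. Each %{NAME:field} reference is expanded
(recursively, so composite patterns work) into a regex named group; the
result is searched, not anchored, against the line, as Logstash's grok
filter does; a non-match yields a _grokparsefailure tag instead of fields.
"""
import re

# Simplified subset of the grok base patterns (assumption: close enough to
# the real definitions for the constructed sample lines below).
PATTERNS = {
    "INT": r"[+-]?\d+",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    # Composite pattern: its references are expanded recursively.
    "HTTPDATE": r"%{INT}/%{WORD}/%{INT}:%{INT}:%{INT}:%{INT} %{INT}",
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def expand_grok(expr, patterns=PATTERNS, depth=0):
    """Turn a grok expression into a plain Python regex string."""
    if depth > 20:
        raise ValueError("grok pattern nesting too deep (circular reference?)")

    def repl(m):
        name, field = m.group(1), m.group(2)
        if name not in patterns:
            raise ValueError(f"unknown grok pattern %{{{name}}}")
        body = expand_grok(patterns[name], patterns, depth + 1)
        # A field name becomes a named group; a bare reference stays non-capturing.
        return f"(?P<{field}>{body})" if field else f"(?:{body})"

    return GROK_REF.sub(repl, expr)


def grok_match(expr, line, patterns=PATTERNS):
    """Return (fields, tags). The pattern is searched, not anchored: prefix it
    with ^ when a line must match from its start (also much faster)."""
    regex = re.compile(expand_grok(expr, patterns))
    m = regex.search(line)
    if m is None:
        return {}, ["_grokparsefailure"]
    # Optional groups that did not participate are left out of the event.
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    return fields, []


# --- Constructed sample lines (not taken from any real device) ----------------

# Shape of a Cisco ASA TCP teardown message; the port is the number after '/'.
ASA_LINE = ("%ASA-6-302014: Teardown TCP connection 1234 for "
            "outside:203.0.113.10/443 to inside:10.0.0.5/51234 "
            "duration 0:00:01 bytes 4521 TCP FINs")
ASA_PATTERN = (r"%ASA-%{INT:level}-%{INT:message_id}: Teardown TCP connection "
               r"%{INT:connection_id} for %{WORD:src_interface}:%{IPV4:src_ip}/%{INT:src_port} "
               r"to %{WORD:dst_interface}:%{IPV4:dst_ip}/%{INT:dst_port}")

# nginx access line whose first field carries an X-Forwarded-For chain of one
# or two addresses; the second address is an optional group in the pattern.
NGINX_PATTERN = (r'^%{IPV4:client_ip}(?:, %{IPV4:proxy_ip})? - - \[%{HTTPDATE:timestamp}\] '
                 r'"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NOTSPACE:httpversion}" '
                 r'%{INT:status} %{INT:bytes}')
NGINX_TWO_IPS = ('203.0.113.10, 10.1.2.3 - - [08/Jul/2024:15:18:35 +0000] '
                 '"GET /index.html HTTP/1.1" 200 612')
NGINX_ONE_IP = ('198.51.100.7 - - [08/Jul/2024:15:18:36 +0000] '
                '"POST /login HTTP/1.1" 302 0')


def asa_ports(line=ASA_LINE):
    """(source port, destination port) from an ASA teardown line, or None on failure."""
    fields, tags = grok_match(ASA_PATTERN, line)
    if tags:
        return None
    return int(fields["src_port"]), int(fields["dst_port"])


if __name__ == "__main__":
    print(asa_ports())                                                # (443, 51234)
    print(grok_match(NGINX_PATTERN, NGINX_TWO_IPS)[0])
    print(grok_match(NGINX_PATTERN, NGINX_ONE_IP)[0].get("proxy_ip"))  # None
    print(grok_match(ASA_PATTERN, "%ASA-6-106023: Deny tcp src outside:1.2.3.4/5 ...")[1])
```

Two points the expander makes visible: a field whose value is sometimes absent is handled by wrapping it in an optional non-capturing group rather than by a second pattern, and a line the pattern does not fit produces no fields at all plus the `_grokparsefailure` tag, which is the condition a later `if "_grokparsefailure" in [tags]` conditional keys on.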
1 vote, 1 answer, 4k views
Logstash Grok Pattern
First of all I apologize for this, I am pretty bad at regular expressions and tried to write a custom pattern (as I am unable to find something in the existing grok patterns, or maybe I am missing something) for ...