Grok Parse Failure on Custom Log Format and regex in logstash -


i have custom log format ,i new trying figure out how works . not getting parsed in logstash .can identify issue.

logformat follows

{u'key_id': u'1sdfasdfvaa/sd456dfdffas/zasder==', u'type': u'audio'}, {u'key_id': u'iu-dsfaz+ka/q1sdfq==', u'type': u'hd'}], u'model': u'level1', u'license_metadata': {u'license_type': u'streaming set', u'request_type': u'new', u'content_id': u'aaaa='}, u'message_type': u'license', u'cert_serial_number': u'aaaasssseerrttyuuiioooasa='} 

i need parsed in logstash , store in elasticsearch

the problem none of existing grok pattern taking care of , unaware of regex custom config

alain's comment may useful you, if log is, in fact, coming in json may want @ json filter automajically parse json message elastic friendly format or using json codec in input.

if want stick grok, great resource building custom grok patterns grok constructor.


Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -