Logstash grok filter : parsing custom application logs

Question

I'm trying to parse my application logs using logstash filters. The log file contents are like below

17 May 2016 11:45:53,391 [tomcat-http--10] INFO com.visa.vrm.aop.aspects.LoggingAspect - RTaBzeTuarf |macBook|com.visa.vrm.admin.controller.OrgController|getOrgs|1006

I'm trying to create a dashboard (line chart) using logstash and want to show the activities on it. For e.g request comes in from some server with correlation id and have to see which class it calls with corresponding method and how long it took to execute.

The message is like:

correlation id | server-name | class name | method name | time taken
log file e.g 
RTaBzeTuarf |macBook|com.visa.vrm.admin.controller.OrgController|getOrgs|1006

I'm unable to create grok patterns/filters for above message. Can someone advise me on this?

alpert alpert · Accepted Answer · 2016-05-23T05:05:59

Try that:

(?<timestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}) \[%{NOTSPACE:thread}\] %{LOGLEVEL:loglevel} (?<logger>[A-Za-z0-9$_.]+) - %{GREEDYDATA:correlationId}\|%{GREEDYDATA:servername}\|%{GREEDYDATA:className}\|%{GREEDYDATA:methodName}\|%{NUMBER:time}$

Logstash grok filter : parsing custom application logs

1 Answers