0
votes
    ^(?:%{LOGLEVEL:level}):\s*%{DATA:message}\s*(?:%{JAVACLASS:caller_class})\s+\[%{WORD:loglevel}\]\s+(\[\s*\S+\s+%{BASE10NUM:tstamp}.*?\]\s+)+(\[\s*\S+\s+%{BASE10NUM:memory}\S*\s+\S+\s+%{BASE10NUM:total}.*?\])

This is my grok pattern, from here: https://regex101.com/r/yMq9J1/1

And now I wanted to use this in my Logstash config, in the filter, but I get an error:

The given configuration is invalid. Reason: Expected one of #, => at line 12, column 19 (byte 341) after filter { grok { match => { "message" => "^(?:%{LOGLEVEL:level}):\s*%{DATA:message}\s*(?:%{JAVACLASS:caller_class})\s+[%{WORD:loglevel}]\s+([\s*\S+\s+%{BASE10NUM:tstamp}.?]\s+)+([\s\S+\s+%{BASE10NUM:memory}\S*\s+\S+\s+%{BASE10NUM:total}.*?])" } } output { elasticsearch

Can you guys help me understand the situation here?

1
Can you post your whole configuration, please? It would help us see where the problem might be. - baudsp

1 Answer

0
votes

The grok pattern is not the problem; the configuration is missing a } to close the match setting of the grok filter.

It should be added after %{BASE10NUM:total}.*?])", like this:

      ...%{BASE10NUM:total}.*?])"
    }  # missing closing brace
  }
}

output {
  elasticsearch
  ...
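
Added example (not part of the original answer, and not Logstash code): a small Python checker that counts braces outside quoted strings and `#` comments, so the `%{...}` references inside the grok pattern are not mistaken for block delimiters. The sample config is constructed, with a shortened pattern and a placeholder `hosts` value, and the quote handling is a simplification of Logstash's config grammar.

```python
import re

def unbalanced_braces(config):
    """Return (unclosed, stray) for Logstash config text.

    unclosed: [(line, label)] for every '{' that is never closed, outermost first.
    stray:    [line] for every '}' that has no matching '{'.
    """
    stack, stray = [], []
    line, i, n = 1, 0, len(config)
    while i < n:
        ch = config[i]
        if ch == "\n":
            line += 1
        elif ch == "#":                       # comment: skip to end of line
            while i + 1 < n and config[i + 1] != "\n":
                i += 1
        elif ch in "\"'":                     # quoted string: braces inside are data
            quote, i = ch, i + 1
            while i < n and config[i] != quote:
                if config[i] == "\\" and config[i + 1:i + 2] == quote:
                    i += 1                    # an escaped quote does not end the string
                elif config[i] == "\n":
                    line += 1
                i += 1
        elif ch == "{":
            # Label the block with the word in front of the brace (filter, grok, match ...)
            m = re.search(r"([\w-]+)\s*(?:=>\s*)?$", config[:i])
            stack.append((line, m.group(1) if m else "?"))
        elif ch == "}":
            if stack:
                stack.pop()
            else:
                stray.append(line)
        i += 1
    return stack, stray

# Constructed sample: same block layout as the config quoted in the error message,
# with a shortened pattern and a placeholder elasticsearch setting.
BROKEN = r'''filter {
  grok {
    match => { "message" => "^%{LOGLEVEL:level}:\s*%{DATA:msg}\s+\[%{WORD:loglevel}\]" }
  }
output {
  elasticsearch { hosts => ["localhost:9200"] }
}
'''
FIXED = BROKEN.replace("  }\noutput", "  }\n}\noutput")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, unbalanced_braces(text))
```

A balance check can only name the block that is still open at end of file (here `filter`, opened on line 1); where the `}` belongs is still a matter of reading the nesting, as in the answer above.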