2
votes

I am new to ELK. I need a pattern that can find the value following "transactionId" in Tomcat logs and create a separate field.

Sample logs are like below:

2018-03-14 10:58:36,853 INFO so:165 - Female Value : 0.084370888769626617 for transactionId ABCsdf62969
2018-03-14 10:58:36,853 INFO so:165 - White Value : 0.90355902910232544 for transactionId ABtgF62969
2018-03-14 10:58:36,853 INFO so:165 - Black Value : 0.001742142834700644 for transactionId ZBCBfg2969
2018-03-14 10:58:36,853 INFO so:165 - Asian Value : 0.0055485325865447521 for transactionId TBCBF62969
2018-03-14 10:58:36,853 INFO so:165 - Hispanic Value : 0.079676181077957153 for transactionId L45BF62969
2018-03-14 10:58:36,853 INFO so:165 - Other Value : 0.0094741648063063622 for transactionId A56BF62969
1 Answer

2
votes

This is not a Question/Answer website wherein you just ask a question without even trying. At least try first and then come up with the errors that you get.

I think you are new to this platform. I'll give you the pattern this time, but try to understand it first, and then work on your own for future patterns.

For your case, this will work:

  grok {
     match => ["message", "%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:log_level} %{GREEDYDATA:some_data} transactionId %{WORD:transaction_id}"]
  }

Try and work hard. Thanks!!
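An offline check of the grok pattern from the answer above, as an added example that is not part of the original answer: it expands the `%{NAME:field}` tokens into a Python regex and runs it over lines from the question. The regex definitions are simplified stand-ins for the stock grok patterns, and `grok_to_regex`, `parse` and `SAMPLE` are hypothetical names chosen here.

```python
import re

# Simplified stand-ins for the stock grok patterns used in the answer
# (assumption: close enough for these log lines, not the full definitions).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL)",
    "GREEDYDATA": r".*",
    "WORD": r"\b\w+\b",
}

ANSWER_PATTERN = ("%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:log_level} "
                  "%{GREEDYDATA:some_data} transactionId %{WORD:transaction_id}")

def grok_to_regex(pattern):
    """Expand %{NAME:field} tokens into Python named groups."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

def parse(line, regex=grok_to_regex(ANSWER_PATTERN)):
    """Return extracted fields, or None (Logstash would tag _grokparsefailure)."""
    m = regex.search(line)  # grok is unanchored unless the pattern uses ^ / $
    return m.groupdict() if m else None

# Constructed input: two lines from the question plus one without a transactionId.
SAMPLE = [
    "2018-03-14 10:58:36,853 INFO so:165 - Female Value : 0.084370888769626617 for transactionId ABCsdf62969",
    "2018-03-14 10:58:36,853 INFO so:165 - Other Value : 0.0094741648063063622 for transactionId A56BF62969",
    "2018-03-14 10:58:37,001 INFO so:170 - Scoring finished",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse(line))
```

Because `GREEDYDATA` is greedy, a line that contains `transactionId` more than once yields the value after the last occurrence.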