TC_OLD

3/8/2019 - 10:20 AM

filter {
    grok {
        match => [
                "message", "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): (?<category>[a-zA-Z\.\/\{\}]+) execution time: (?<execution_time>[0-9]+)",
                "message", "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): %{GREEDYDATA:message}"
                ]
        overwrite => [ "message"]
    }
    json {
        source => "message"
        target => "data"

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

lock TC_OLD

TC_OLD