Multiple patterns in one log

by

You could use multiple patterns for your grok filter,

grok {
  match => ["fieldname", "pattern1", "pattern2", ..., "patternN"]
}

and they will be applied in order but a) it’s not the best option performance-wise and b) you probably want to treat different types of logs differently anyway, so I suggest you use conditionals based on the type or tags of a message:

if [type] == "syslog" {
  grok {
    match => ["message", "your syslog pattern"]
  }
}

Set the type in the input plugin.

The documentation for the currently released version of Logstash is at http://logstash.net/docs/1.4.2/. It probably doesn’t address your question specifically but it can be inferred.

More Related Contents:

  1. Logstash: how to add file name as a field?
  2. Change default mapping of string to “not analyzed” in Elasticsearch
  3. How to parse json in logstash /grok from a text file line?
  4. How to force Logstash to reparse a file?
  5. How to setup ElasticSearch index structure with multiple entity bindings
  6. Calculating time between events
  7. Join query in ElasticSearch
  8. How can a Elasticsearch client be notified of a new indexed document?
  9. How to integrate ElasticSearch with MySQL?
  10. How to retrieve unique count of a field using Kibana + Elastic Search
  11. multiple inputs on logstash jdbc
  12. Logstash: Merge two logs into one output document
  13. How to create multiple indexes in logstash.conf file?

Leave a Comment