I am not not able to use GROK pattern for my new logs .KindlyHelp

Question

I am not not able to use GROK pattern for my new logs .KindlyHelp

Deepi-cyber opened this issue 4 years ago · 1 comments

172.16.2.1 Jun 15 10:44:28 date=2020-06-15 local7 notice time=10:44:28 devname="MIBLR_FW_1" devid="FG200ETK19907000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root"

KIndly help ..I want to use GROK with KV filter to parse the above logs

Answer 1 · 2020-09-08T15:23:39.000Z

Hey, sorry this a bug tracker for help please use SO or discuss.
Here's an incomplete sample to get you started (did not capture date/time as they seemed the same as in the timestamp):
%{IP:ip} %{SYSLOGTIMESTAMP:timestamp} date=.*? %{HOST:host} %{LOGLEVEL:level} time=.*? devname="%{WORD:devname}"