ppragados
Guest
I have successfully filtered my logs but am curious if I can make it more efficient or do it a "better" way rather than using a ton of "NOTSPACE". Below are my sample logs as well as my grok filter.
****Updated with more recent version******
[15/09/28@09:40:23.467-0700] P-000685 T-956770080 2 WS 4GLTRACE Run shr/getpref.p " Traveler ID Format" [Main Block - docprep/frames.w @ 1016]
My grok filter:
%{YEAR}/%{MONTHNUM}/%{MONTHDAY}@%{HOUR}:%{MINUTE}:%{SECOND}-%{INT:TIMEZONE}%{NOTSPACE:BRACKET}%{SPACE}%{NOTSPACE:PID}%{SPACE}%{NOTSPACE:T}%{SPACE}%{INT:NUM}%{SPACE}%{NOTSPACE:WS}%{SPACE}%{NOTSPACE:4GLTRACE}%{SPACE}%{NOTSPACE:STATUS}%{SPACE}%{NOTSPACE:MAINPROGRAM}%{GREEDYDATA:SUBPROGRAM}%{SPACE}%{NOTSPACE:BRACKET}
Any tips would be appreciated!
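One way to make the match stricter than a chain of NOTSPACE tokens, shown as an added Python example that is not part of the original post: an anchored regular expression that matches the literal delimiters and digit runs of the sample line and returns typed fields, with non-matching lines reported rather than half-parsed. The group names, the yy/mm/dd reading of the date and the two constructed test lines are assumptions of this example.

```python
import re
from datetime import datetime

# Anchored pattern derived from the single sample line in the post.
# Group names are this example's own choices, not names from the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4})\]\s+"
    r"P-(?P<pid>\d+)\s+"
    r"T-(?P<tid>\d+)\s+"
    r"(?P<num>\d+)\s+"
    r"(?P<ws>\S+)\s+"
    r"(?P<trace>\S+)\s+"
    r"(?P<action>\S+)\s+"
    r"(?P<program>\S+)"
    r"(?:\s+(?P<args>.*?))??"               # optional free text, tried last
    r"(?:\s+\[(?P<origin>[^\]]*)\])?\s*$"   # optional trailing [..] block
)

TS_FORMAT = "%y/%m/%d@%H:%M:%S.%f%z"  # assumed yy/mm/dd, as the post's filter reads it


def parse_line(line):
    """Return a dict of typed fields, or None if the line does not fit."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # caller should count or tag these, not drop them silently
    f = m.groupdict()
    f["ts"] = datetime.strptime(f["ts"], TS_FORMAT)
    for key in ("pid", "tid", "num"):
        f[key] = int(f[key])
    return f


# Sample line copied from the post.
SAMPLE = ('[15/09/28@09:40:23.467-0700] P-000685 T-956770080 2 WS 4GLTRACE '
          'Run shr/getpref.p " Traveler ID Format" '
          '[Main Block - docprep/frames.w @ 1016]')
# Constructed variants: no quoted argument, and a line that should not match.
NO_ARGS = ('[15/09/28@09:40:24.001-0700] P-000685 T-956770080 2 WS 4GLTRACE '
           'Run shr/other.p [Main Block - docprep/frames.w @ 1020]')
BAD = "15/09/28 09:40 truncated line"

if __name__ == "__main__":
    for line in (SAMPLE, NO_ARGS, BAD):
        print(parse_line(line))
```

Because the expression is anchored at both ends and uses literal `P-`, `T-` and bracket delimiters, a malformed line fails quickly instead of being matched with shifted fields.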