I have different logs in my Elastic stack and need grok patterns to capture them. Can someone help me with how to write grok patterns for different logs?
Sample log:
2005-03-19 15:10:26,618 - simple_example - DEBUG - debug message
>Solution:
Writing a grok pattern is not really hard if you have access to grok debuggers and existing grok definitions.
Please use this website to write grok patterns, as it tells you exactly where you have gone wrong.
https://grokconstructor.appspot.com/do/match#result
There are many preexisting patterns as well. Please refer to:
https://grokdebug.herokuapp.com/patterns#
Now, by using these two it's easy to write grok patterns for different logs. Use the grok pattern below to match logs of the format you specified in the question.
%{TIMESTAMP_ISO8601:time}\,%{NUMBER:num}%{SPACE}\-%{SPACE}%{WORD:app}%{SPACE}\-%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}\-%{GREEDYDATA:msg}
Please rename the fields as per your needs; for example, in %{TIMESTAMP_ISO8601:time}, time will be a field that holds the timestamp value.
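To see what the answer's pattern actually does to the sample line, here is an added Python example (my code, not part of the answer and not Logstash's own implementation) that expands %{NAME:field} references into a plain regex the way grok does and runs the pattern against the log line from the question. The pattern definitions in GROK_PATTERNS are a subset transcribed from the standard grok library, with NUMBER simplified to avoid an atomic group that older Python versions lack. It also runs a second, tighter pattern (my addition) that keeps the ",618" fraction inside the time field, since TIMESTAMP_ISO8601 already accepts it.

```python
import re

# Sample log line from the question (copied from the page).
SAMPLE_LINE = "2005-03-19 15:10:26,618 - simple_example - DEBUG - debug message"

# The pattern given in the answer.
ANSWER_PATTERN = (
    r"%{TIMESTAMP_ISO8601:time}\,%{NUMBER:num}%{SPACE}\-%{SPACE}%{WORD:app}"
    r"%{SPACE}\-%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}\-%{GREEDYDATA:msg}"
)

# A tighter variant (my addition, not from the answer): anchored at both ends,
# whole timestamp in one field, literal " - " separators instead of SPACE/\- pairs.
TIGHT_PATTERN = (
    r"^%{TIMESTAMP_ISO8601:time} - %{WORD:app} - %{LOGLEVEL:loglevel} - %{GREEDYDATA:msg}$"
)

# Minimal grok pattern library (subset of the standard grok definitions, transcribed
# here so the script runs without Logstash or pygrok; NUMBER is simplified).
GROK_PATTERNS = {
    "YEAR": r"(?:\d\d){1,2}",
    "MONTHNUM": r"(?:0?[1-9]|1[0-2])",
    "MONTHDAY": r"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])",
    "HOUR": r"(?:2[0123]|[01]?[0-9])",
    "MINUTE": r"(?:[0-5][0-9])",
    "SECOND": r"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)",
    "ISO8601_TIMEZONE": r"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))",
    "TIMESTAMP_ISO8601": (
        r"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}"
        r"(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"
    ),
    "NUMBER": r"(?:[+-]?(?:[0-9]+(?:\.[0-9]+)?))",
    "SPACE": r"\s*",
    "WORD": r"\b\w+\b",
    "LOGLEVEL": (
        r"(?:[Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO"
        r"|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?"
        r"|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE"
        r"|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"
    ),
    "GREEDYDATA": r".*",
}

# Matches %{NAME} or %{NAME:field} inside a grok pattern string.
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> str:
    """Recursively expand grok references into a plain regex.

    %{NAME:field} becomes a named capture group; %{NAME} becomes a
    non-capturing group so nested definitions do not pollute the field set.
    """
    def repl(m: "re.Match[str]") -> str:
        name, field = m.group(1), m.group(2)
        if name not in GROK_PATTERNS:
            raise KeyError(f"unknown grok pattern %{{{name}}}")
        inner = grok_to_regex(GROK_PATTERNS[name])
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(repl, pattern)


def grok_match(pattern: str, line: str):
    """Apply a grok pattern to one log line; return the field dict or None.

    Like Logstash, the search is unanchored unless the pattern itself uses ^/$.
    """
    m = re.compile(grok_to_regex(pattern)).search(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    for label, pat in (("answer", ANSWER_PATTERN), ("tight", TIGHT_PATTERN)):
        print(label, grok_match(pat, SAMPLE_LINE))
```

Running it shows that the answer's pattern yields time="2005-03-19 15:10:26", num="618" and msg=" debug message" (note the leading space, because the pattern has no %{SPACE} after the last "-"), while the tight variant yields time="2005-03-19 15:10:26,618" and msg="debug message". Anchoring with ^ as in the tight variant is also what Elastic recommends to limit regex backtracking on lines that do not match.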
