<184>BSR 64000(tm):[05/12-04:45:13.98- 07:tRDNts6586]-M-CLI-TRACKER[peter.parker]: command
Hello everyone, I don't know how to create a pattern for the previous records, I need to identify the user, in this case it is peter.parker
[solved] Create pattern to logs
-
- Posts: 2
- Joined: Wed Jun 20, 2018 12:54 pm
[solved] Create pattern to logs
Last edited by rodrigoaguilar on Mon Jun 25, 2018 8:21 am, edited 1 time in total.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Create pattern to logs
Here is a doc outlining creating grok patterns starting on page 2
https://assets.nagios.com/downloads/nag ... ilters.pdf
Here is a good place to test your patterns
https://grokdebug.herokuapp.com/
https://assets.nagios.com/downloads/nag ... ilters.pdf
Here is a good place to test your patterns
https://grokdebug.herokuapp.com/
-
- Posts: 2
- Joined: Wed Jun 20, 2018 12:54 pm
Re: Create pattern to logs
tnks man
The result
The result
Code: Select all
\<%{NUMBER:ID}\>%{WORD:model} %{NUMBER:model}\(.*\):\[(?<timestamp>%{MONTHNUM}/%{MONTHDAY}-%{TIME}).*- .*:.*\]-M-CLI-TRACKER\[%{USERNAME}\]:%{GREEDYDATA:message}
{
"ID": [
[
"184"
]
],
"BASE10NUM": [
[
"184",
"64000"
]
],
"model": [
[
"BSR"
],
[
"64000"
]
],
"timestamp": [
[
"05/12-04:45:13.98"
]
],
"MONTHNUM": [
[
"05"
]
],
"MONTHDAY": [
[
"12"
]
],
"TIME": [
[
"04:45:13.98"
]
],
"HOUR": [
[
"04"
]
],
"MINUTE": [
[
"45"
]
],
"SECOND": [
[
"13.98"
]
],
"USERNAME": [
[
"peter.parker"
]
],
"message": [
[
" show run"
]
]
}
Last edited by tmcdonald on Fri Jun 22, 2018 4:19 pm, edited 1 time in total.
Reason: Please use [code][/code] tags around long output
Reason: Please use [code][/code] tags around long output
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Create pattern to logs
Excellent!