Logtash Grok Pattern

[HASupport]

Hi Nik, Hope you are doing great
I need to put some grok pattern for the following, can you support to achieve please
this is only for the highlighted portion message

<134>GLH-SSO-c5508a: *haSSOServiceTask3: Apr 19 07:24:16.217: %APF_HA-6-CLIENT_TEMP_DB_FIND_ERR: [SS]apf_ha_api.c:258 Unable to find Mobile 4c:66:41:8a:05:f3 entry in the temporary Client database used for APF HA

[npolovenko]

Hello again, @HASupport! There you go:

Code: Select all

^%{SYSLOG5424PRI:priorty}%{DATA:host}: %{DATA}: %{MONTH:month} %{POSINT:day} %{TIME:time}: %{GREEDYDATA:message}

[HASupport]

<134>GLH-SSO-c5508a: *haSSOServiceTask3: Apr 19 07:24:16.217: %APF_HA-6-CLIENT_TEMP_DB_FIND_ERR: [SS]apf_ha_api.c:258 Unable to find Mobile 4c:66:41:8a:05:f3 entry in the temporary Client database used for APF HA

^%{SYSLOG5424PRI:priorty}%{DATA:host}: %{DATA}: %{MONTH:month} %{POSINT:day} %{TIME:time}: %{GREEDYDATA:message}

Hi there

The above represents is already I have posted,
What I need is to %{GREEDYDATA:message} pattern ? more readable
for example Mobile 4c:66:41:8a:05:f3 need to more readable format?

[npolovenko]

@HASupport, You could try this syntax to separate the MAC address.

Code: Select all

^%{SYSLOG5424PRI:priorty}%{DATA:host}: %{DATA}: %{MONTH:month} %{POSINT:day} %{TIME:time}: %{GREEDYDATA:message} %{MAC:mac_address}?