DevOps Classroom Series – 25/Apr/2021

What is GROK

  • Grok is a way to match a log line against a regular expression and map specific parts of the line into named fields
  • The basic format of a logstash grok filter:
    %{SYNTAX:SEMANTIC}
    %{PATTERN:FieldName}
  • Elasticsearch has defined around 200 patterns. Refer Here
  • Grok extracts fields from each event according to the grok patterns we write in the logstash grok filter
  • Core grok patterns: Refer Here
  • Exercise 1: Convert the line 2021.04.25-18:47 INFO khaja logged in successfully into fields
    • datetime => 2021.04.25-18:47
    • loglevel => INFO
    • username => khaja
    • message => logged in successfully
  • Refer Here for sample logs from different environments and software
  • Exercise 2: Let's convert the Hadoop log into fields. Refer Here
  • Exercise 3: Create a grok pattern for the Mac log. Refer Here
  • Exercise: Write a grok pattern for SSH logs. Refer Here
  • Exercise: Try to create logstash conf files for Apache, HDFS, Hadoop, Linux, OpenSSH and Spark logs. Refer Here
    • In the input section use stdin and manually paste the individual lines
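To make the %{SYNTAX:SEMANTIC} mechanism concrete, here is a small grok engine written for these notes (not Logstash's own code) that expands pattern references into one regular expression and runs Exercise 1 through it. The pattern library is a constructed, hand-picked subset modelled on the layout of Elastic's core patterns; CLASSDATE is an assumed name invented here for the 2021.04.25-18:47 timestamp format, and LOGLEVEL is simplified.

```python
import re
from typing import Optional

# Constructed mini pattern library, modelled on the layout of Elastic's
# logstash-patterns-core (the real one has ~200 entries); LOGLEVEL simplified.
PATTERNS = {
    "YEAR": r"(?:\d\d){1,2}",
    "MONTHNUM": r"(?:0?[1-9]|1[0-2])",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "HOUR": r"(?:2[0-3]|[01]?[0-9])",
    "MINUTE": r"[0-5][0-9]",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL)",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "GREEDYDATA": r".*",
    # Composite pattern referencing other patterns, as the real library does
    "CLASSDATE": r"%{YEAR}\.%{MONTHNUM}\.%{MONTHDAY}-%{HOUR}:%{MINUTE}",
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{SYNTAX} or %{SYNTAX:SEMANTIC}


def compile_grok(pattern: str, library: dict = PATTERNS) -> re.Pattern:
    """Expand every %{SYNTAX:SEMANTIC} reference into one Python regex.
    SYNTAX selects a library regex; SEMANTIC becomes a named capture group."""
    def expand(text: str, depth: int = 0) -> str:
        if depth > 10:  # guard against a self-referencing library entry
            raise ValueError("grok pattern references nested too deeply")

        def sub(m: re.Match) -> str:
            syntax, semantic = m.group(1), m.group(2)
            if syntax not in library:
                raise KeyError(f"unknown grok pattern %{{{syntax}}}")
            body = expand(library[syntax], depth + 1)
            return f"(?P<{semantic}>{body})" if semantic else f"(?:{body})"

        return GROK_REF.sub(sub, text)

    return re.compile(expand(pattern))


def grok_match(pattern: str, line: str) -> Optional[dict]:
    """Return the extracted fields, or None when the line does not match
    (Logstash would instead tag the event with _grokparsefailure).
    fullmatch is stricter than Logstash's default unanchored match, on purpose."""
    m = compile_grok(pattern).fullmatch(line)
    return m.groupdict() if m else None


# Exercise 1 from the notes, expressed as a grok pattern
EXERCISE1 = "%{CLASSDATE:datetime} %{LOGLEVEL:loglevel} %{USERNAME:username} %{GREEDYDATA:message}"
```

Calling grok_match(EXERCISE1, "2021.04.25-18:47 INFO khaja logged in successfully") yields the four fields listed under Exercise 1; a line that does not fit the pattern returns None, which is the case to watch for in a pipeline, since unparsed events silently lose their fields.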
