What is GROK
- grok is a way to match a line against regular expression, map specific parts of line into dedicated fields
- The basic format of a logstash grok filter
%{SYNTAX:SEMANTIC}
%{PATTERN:FieldName}
- Elastic search has defined around 200 patterns Refer Here
- GROK Extracts fields when we write grok patterns which can be use logstash-grok filter
- Core grok patterns: Refer Here
- Exercise 1: Convert 2021.04.25-18:47 INFO khaja logged in successfully
- datetime:
- loglevel => INFO
- username => khaja
- message => logged in successfully
- Refer Here for the logs of different environments or softwares
- Exercise 2: Lets convert the hadoop log into fields Refer Here
- Exercise 3: Create a grok pattern for mac Refer Here
- Exercise: Write a grok pattern for ssh logs Refer Here
- Exercise: Try to create logstash conf files for Apache, HDFS, Hadoop, Linux, OpenSSH, Spark Refer Here
- in the input use stdin and manually paste the individual lines
