I am having a log file as mentioned below. I want to parse this file using logstash.
2015-06-10 05:11:37,799 [good][status] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
]2015-06-10 05:36:35,517 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
]
I want to parse the above file like in the following field format
@timestamp - 2015-06-10 05:11:37,799
Quality - good
Status- Pass
Details - ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
I want to continue this step till end of the file I have used grok expression the grokparse fails since the log information contains many lines. I hope grok will apply for line by line .
I want to parse the information into seperate events like this as one event
2015-06-10 05:11:37,799 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
]
and this as another event
2015-06-10 05:36:35,517 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
]
How can I achieve this in Logstash Filters.
You need to use the multiline codec or filter to combine the lines into one event for processing.