Parsing logs with grok


#1

I’m trying to parse following log [25-Jan-2019 21:10:25 UTC] test message from test log

My input looks like this
[[inputs.logparser]] files = ["/home/storage/logs/test.log"] from_beginning=true [inputs.logparser.grok] patterns = ["\[%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year} %{TIME:time} %{WORD:zone}\] %{GREEDYDATA:error}"] measurement = "metrics_data_test"
But I get this error E! [telegraf] Error running agent: Error parsing /etc/telegraf/telegraf.conf, toml: line 5250: parse error. I’ve been trying to make it work but running out of ideas how to parse that date. Any help would be much appreciated :pray:
Also I would like to add some field to all rows parsed in this file, is something like that an option?


#2

hi , you were so close
you need two times two backslashes … \[ en \] have to be \\[ and \\]
best regards

patterns = ["\\[%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year} %{TIME:time} %{WORD:zone}\\] %{GREEDYDATA:error}"]
:+1:


#3

Thank you so much, it works now :confetti_ball: