Grok Constructor

Test grok patterns

This tries to parse a set of given logfile lines with a given grok regular expression (based on Oniguruma regular expressions ) and prints the matches for named patterns for each log line. You can also apply a multiline filter first.

Please enter some loglines for which you want to check a grok pattern, the grok expression that should match these, mark the pattern libraries you draw your patterns from and then press

You can also just try this out with a

random example
2013-02-28 09:57:56,662 WARN CreateSomethingActivationKey - WhateverException for User 49-123-345678 {{rid,US8cFAp5eZgAABwUItEAAAAI_dev01_443}{realsid,60A9772A136B9912B6FF0C3627A47090.dev1-a}}
MATCHED
timestamp 2013-02-28·09:57:56,662
logger CreateSomethingActivationKey
msgnr
stacktrace
message WhateverException·for·User·49-123-345678·
loglevel WARN
2013-02-28 09:57:56,663 INFO LMLogger - ERR1700 - u:null failures: 0 - Technical error {{rid,US8cFAp5eZgAABwUItEAAAAI_dev01_443}{realsid,60A9772A136B9912B6FF0C3627A47090.dev1-a}}
MATCHED
timestamp 2013-02-28·09:57:56,663
logger LMLogger
msgnr ERR1700
stacktrace
message ERR1700·-·u:null·failures:·0··-·Technical·error·
loglevel INFO
2013-02-28 09:57:56,668 ERROR SomeCallLogger - ESS10005 Cpc portalservices: Exception caught while writing log messege to MEA Call: {} java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
MATCHED
timestamp 2013-02-28·09:57:56,668
logger SomeCallLogger
msgnr ESS10005
stacktrace java.sql.SQLSyntaxErrorException:·ORA-00942:·table·or·view·does·not·exist ⇥at·oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445) ⇥at·oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
message ESS10005·Cpc·portalservices:·Exception·caught·while·writing·log·messege·to·MEA·Call:··
loglevel ERROR
2013-02-28 10:04:35,723 INFO EntryFilter - Fresh on request /portalservices/foobarwhatever {{rid,US8dogp5eZgAABwXPGEAAAAL_dev01_443}{realsid,56BA2AD41D9BB28AFCEEEFF927EE61C2.dev1-a}}
MATCHED
timestamp 2013-02-28·10:04:35,723
logger EntryFilter
msgnr
stacktrace
message Fresh·on·request·/portalservices/foobarwhatever·
loglevel INFO