I have a log file with a specific pattern format and I want to extract a field using a pattern, but I am still not able to retrieve the correct value:
This is a line of my log file:
2021-02-08 09:09:38,111 INFO [stdout] (default task-26) Payload: {"rqUID":"12345678-abdcABCD-09876543-abcdefgh","addUsrIdentif":{"userId":"string","requestDate":"string","userLanguage":"string","financialInstitution":"string","products":["string"],"providerLogin":"string","providerPasswd":"string"},"customerInformation":{"customerId":"string","orgId":"string","orgDepth":12,"contractId":"string"},"merchantInformation":{"chainId":"string","merchantId":"string","posId":"string"},"agentInformation":{"oedInstitutionId":"string","branchId":"string","agentId":"string"},"caseReference":12}
I want to extract the value of the rqUID field. Using this pattern, I get this result:
[[inputs.logparser]]
files = ["D:\\server.log"]
from_beginning = true
[inputs.logparser.grok]
measurement = "PWCAPI"
patterns = ["%{LOG_PATTERN}"]
custom_patterns = '''
LOG_PATTERN %{WORD:rqUID}
'''
Results:
{ "rqUID": [ [ "2021" ] ] }
My purpose is to get: rqUID = 12345678-abdcABCD-09876543-abcdefgh
I tested the pattern using : https://grokdebug.herokuapp.com/
Can someone help? Thanks in advance :)
You can use a named capturing group here with a customized pattern:
"rqUID":"(?<rqUID>[^"]+)
Details:
- "rqUID":" - a literal substring
- (?<rqUID>[^"]+) - a named capturing group rqUID that captures any one or more chars other than a " char.
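The difference between the two patterns, as an added example that is not part of the original post: it runs grok's stock WORD definition (`\b\w+\b`) and the answer's named-group regex over constructed log lines in JavaScript, whose regex engine accepts the same `(?<name>...)` syntax. The function names and the shortened sample lines are assumptions made for illustration.

```javascript
// Constructed sample lines modelled on the log line in the question
// (payload shortened; the second line carries no rqUID at all).
const LINES = [
  '2021-02-08 09:09:38,111 INFO [stdout] (default task-26) Payload: ' +
    '{"rqUID":"12345678-abdcABCD-09876543-abcdefgh","caseReference":12}',
  '2021-02-08 09:09:39,002 INFO [stdout] (default task-27) Started request',
];

// Grok's stock WORD pattern is \b\w+\b. Used unanchored, it matches the
// first run of word characters in the line: the year of the timestamp.
const WORD = /\b\w+\b/;

// The pattern from the answer: the literal "rqUID":" followed by a named
// group that takes everything up to the next double quote.
const RQUID = /"rqUID":"(?<rqUID>[^"]+)/;

// Hypothetical helper: what %{WORD:rqUID} captures on its own.
function firstWord(text) {
  const m = WORD.exec(text);
  return m ? m[0] : null;
}

// Hypothetical helper: what the answer's pattern captures, or null when
// the line has no rqUID field.
function extractRqUID(line) {
  const m = RQUID.exec(line);
  return m ? m.groups.rqUID : null;
}

for (const line of LINES) {
  console.log({ word: firstWord(line), rqUID: extractRqUID(line) });
}

// Even if WORD were positioned at the value, it would stop at the first
// hyphen, because "-" is not a word character.
console.log(firstWord('12345678-abdcABCD-09876543-abcdefgh'));
```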