Log parsing rules

Log parsing rules provide you the ability to parse, extract, map, convert and filter your log entries. Rules can help you convert unstructured log data into JSON format, extract important information from your logs and filter your log stream according to various conditions.

One of the most popular ways to customize your logs is using named groups Regex. This allows you to modify and extract your logs in various ways. For more information on named groups Regex

Here are 2 examples of how you can leverage this feature:

Convert log message to JSON

Raw log:

result: 200, status: OK, username: anonymous

Define parse rule:

^result:\s(?P<result>\d+),\sstatus:\s(?P<status>[^,]+),\susername:\s(?P<username>.*)

Result:

{
  "result" : 200,
  "status" : "OK",
  "username" : "anonymous"
}

Extract information from log message

Raw log:

INFO - myclass: This is a test message

Define parse rule:

(?P<severity>[^ ]+)\s-\s(?P<category>[^:]+):\s(?P<text>.*)

As a result, the “INFO” value is extracted to the severity column, “myclass” to the category column, and the rest goes to the text column.
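The two rules above can be tried locally with the following added example, which is not Coralogix code. The names RULES, NUMERIC_FIELDS, parse_line and to_json are hypothetical, and keeping unmatched lines under a "text" key is an assumption of this sketch rather than documented product behaviour.

```python
import json
import re

# The two parse rules shown on this page (Python named-group syntax).
RULES = [
    re.compile(r"^result:\s(?P<result>\d+),\sstatus:\s(?P<status>[^,]+),\susername:\s(?P<username>.*)"),
    re.compile(r"(?P<severity>[^ ]+)\s-\s(?P<category>[^:]+):\s(?P<text>.*)"),
]

# Regex captures are always strings. Only fields listed here are converted to
# numbers, so a value such as a username made of digits is left untouched.
NUMERIC_FIELDS = {"result"}


def parse_line(line):
    """Return the named groups of the first rule that matches the line.

    A line that matches no rule is kept whole as {"text": line} so that no
    log entry is silently dropped (assumption of this sketch).
    """
    for rule in RULES:
        match = rule.search(line)
        if match:
            fields = match.groupdict()
            return {
                key: int(value) if key in NUMERIC_FIELDS else value
                for key, value in fields.items()
            }
    return {"text": line}


def to_json(line):
    """Serialize the parsed fields. json.dumps escapes quotes and control
    characters, so a captured value always stays a single JSON string."""
    return json.dumps(parse_line(line))


# Constructed sample input: the page's two raw logs plus one unmatched line.
SAMPLE_LINES = [
    "result: 200, status: OK, username: anonymous",
    "INFO - myclass: This is a test message",
    "free-form line with no known structure",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(to_json(raw))
```

Because the username group ends in .*, it captures everything up to the end of the line, so letting the serializer build the JSON rather than concatenating strings keeps that value confined to one field.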
