P

3

12

I have installed Logstash on Ubuntu Server 14. Where can I find the default grok patterns that Logstash uses when filtering logs ? Thanks.

Parchment answered 10/8, 2015 at 13:42 Comment(0)

U

8

I have also installed ELK stack on Ubuntu 14.04. The location of patterns that grok uses is in the following directory

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns/

which includes the following default patterns

aws                   firewalls             junos                 mongodb               rails
bacula                grok-patterns         linux-syslog          nagios                redis
bro                   haproxy               mcollective           output.txt            ruby
exim                  java                  mcollective-patterns  postgresql            test.sh

Or you can just search for the patterns as follows:

find / -name patterns

This will show you the directory of patterns you are looking for.

Ule answered 20/9, 2016 at 9:31 Comment(1)

For faster searching for a directory, you can use find / -type d -name patterns – In 15/5, 2018 at 15:8

K

6

From the grok documentation:

Logstash ships with about 120 patterns by default. You can find them here:

https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns.

Kampala answered 10/8, 2015 at 13:52 Comment(1)

I think what he means is, where do this patterns is located in the host where logstash is installed. – Trollop 26/4, 2016 at 8:2

S

4

If you know the logstash installation path, say cd /usr/share/logstash/

it is here:

cd /vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/

If installed via apt-get, to /usr/share/logstash/ it is here:

/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/

Symptom answered 12/12, 2017 at 18:6 Comment(0)

find / -name patterns

Recommended topics

Hot tags