Split a message

The timestamp is different from the time of the log. I want to do a time search in the logs. I can do it using the grok pattern
<%{DATA:time}>%{SPACE}<%{GREEDYDATA:message}
but GREEDYDATA gives me an incomplete message so I use
(?<message>(.|\r|\n)*)
Maybe there is another way. I don’t know!


You could start by supplying an example log entry, and then maybe clarifying exactly what it is you want, because right now you sound like that guy who tells everyone blue bananas are green and wonders why people stare at him.
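The behaviour described in the first post, as an added example that is not part of the thread: GREEDYDATA expands to `.*`, which stops at the first line break, so a multi-line event is cut short. The sample event, the expanded regexes and the `extract` helper are constructed for illustration; the `(?m)` variant is an alternative to the post's workaround.

```ruby
# Constructed sample event (not from the thread): a "<time> <message" entry
# whose message continues over several lines.
SAMPLE = "<2021-03-04 10:00:01> <request failed\n  at handler.rb:12\n  at server.rb:88"

# Regex equivalents of the stock grok patterns used in the post:
#   DATA => .*?    SPACE => \s*    GREEDYDATA => .*
GREEDY = /<(?<time>.*?)>\s*<(?<message>.*)/

# The post's workaround: an alternation that also accepts CR and LF.
WORKAROUND = /<(?<time>.*?)>\s*<(?<message>(.|\r|\n)*)/

# Alternative: the (?m) flag makes "." match line breaks, so plain ".*"
# (GREEDYDATA) captures the whole event without per-character alternation.
DOTALL = /(?m)<(?<time>.*?)>\s*<(?<message>.*)/

# Hypothetical helper: returns the two captured fields, or nil on no match.
def extract(pattern, event)
  m = pattern.match(event)
  m && { time: m[:time], message: m[:message] }
end

{ "GREEDYDATA" => GREEDY, "workaround" => WORKAROUND, "(?m)" => DOTALL }.each do |name, re|
  fields = extract(re, SAMPLE)
  puts "#{name}: time=#{fields[:time].inspect} message=#{fields[:message].inspect}"
end
```
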
