From the course: Learning the Elastic Stack (2020)
Building Grok filters - Elastic Stack Tutorial
Building Grok filters
- [Instructor] We should be ready to build our filter. Make sure you've got example two set in the URL, and down here, you need the checkbox next to httpd checked. The checkboxes are to the left, so be careful of line wrapping here. I actually want to check this one, which correlates to this checkbox here, and I'll scroll up and click Go! This is the bit of the UI that I don't find to be very intuitive. It certainly took me a while to figure it out at first. This main text box here is where we're going to be constructing our filter. \A just represents the beginning of a string, and it's just there so that our log lines don't get mashed up. Below this are the sections that are already matched and the log lines that still need to be matched. So as we build our filter, these things will move over into the already matched category. Below that is a place where you can set a fixed string. Our log lines actually all begin with a pretty long fixed string that's identical, but in our case, we…
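To make the "already matched / still to match" workflow the instructor describes concrete without the web UI, here is a small Grok-style matcher written for this page as an added example; it is not code from the course or from Logstash. It expands `%{PATTERN:field}` references into Python named groups, anchors the result at the start of the line with `\A` exactly as the tool does, and reports which part of each line the pattern so far has consumed. The pattern table is a hand-written, simplified subset of the standard Logstash grok library (assumed, not copied), and the Apache httpd access-log lines are constructed sample data.

```python
"""Incremental Grok-style matching over constructed httpd log lines.

Added example for this page; not the course's or Logstash's code. The base
patterns below are a simplified, hand-written subset of the Logstash grok
library and are assumptions for illustration only.
"""
import re

# Simplified subset of core grok patterns (assumed; real Logstash ones are stricter).
BASE_PATTERNS = {
    "INT": r"(?:[+-]?(?:[0-9]+))",
    "NUMBER": r"(?:[+-]?(?:[0-9]+(?:\.[0-9]+)?))",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*\.?",
    "IPORHOST": r"(?:%{IPV4}|%{HOSTNAME})",   # patterns may reference other patterns
    "USER": r"[a-zA-Z0-9._-]+",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "QS": r'"(?:[^"\\]|\\.)*"',               # double-quoted string with escapes
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def expand(grok: str, patterns=BASE_PATTERNS) -> str:
    """Rewrite %{NAME:field} references into (?P<field>...) regex groups."""
    def repl(m):
        name, field = m.group(1), m.group(2)
        if name not in patterns:
            raise KeyError(f"unknown grok pattern %{{{name}}}")
        inner = expand(patterns[name], patterns)  # resolve nested references
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(repl, grok)


def match_prefix(grok: str, line: str, patterns=BASE_PATTERNS):
    """Anchor the pattern at \\A (start of line) like the grok constructor UI.

    Returns (fields, remainder): the captured fields and the part of the line
    that still needs to be matched, or (None, line) if nothing matched.
    """
    regex = re.compile(r"\A" + expand(grok, patterns))
    m = regex.match(line)
    if not m:
        return None, line
    return m.groupdict(), line[m.end():]


# Full Apache "combined" access-log pattern, built up piece by piece.
HTTPD_COMBINED = (
    r"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "
    r'"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}" '
    r"%{INT:response} (?:%{INT:bytes}|-) %{QS:referrer} %{QS:agent}"
)


def parse_httpd(line: str):
    """Parse one access-log line; None unless the whole line is consumed."""
    fields, rest = match_prefix(HTTPD_COMBINED, line)
    if fields is None or rest != "":
        return None
    return fields


# Constructed sample log lines (not real traffic).
SAMPLE_LINES = [
    '192.168.1.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" '
    '200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"',
    '10.0.0.7 - alice [11/Oct/2000:08:01:02 +0000] "HEAD /private/ HTTP/1.1" '
    '304 - "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    # Show the filter growing, step by step, the way the UI moves text from
    # "still to match" into "already matched".
    steps = [
        r"%{IPORHOST:clientip}",
        r"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\]",
        HTTPD_COMBINED,
    ]
    for step in steps:
        fields, rest = match_prefix(step, SAMPLE_LINES[0])
        print("matched:", fields)
        print("still to match:", repr(rest))
    for line in SAMPLE_LINES:
        print(parse_httpd(line))
```

Two practical notes: `parse_httpd` insists that the remainder is empty, so a pattern that only matches a prefix is reported as a failure rather than silently yielding partial fields, which is what you want before shipping a filter. Keep `DATA` and `GREEDYDATA` to a minimum and anchor patterns at both ends; log lines are attacker-influenced input, and unanchored patterns with several lazy or greedy wildcards can backtrack badly, which is why Logstash's grok filter enforces a match timeout.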