Constructing Grok Pattern in Elasticsearch using Grok constructor

Question

I need help in constructing a grok pattern for the following fields:

Here are some of the data we can get from it my log

timestamp: 2022-02-02T10:37:09.721-05:00 httpMethod: POST httpResource: /graphql httpResponse: 200 (200 is successful, 4xx, or 5xx is error)

how can I represent that in a grok pattern please?

I have read and tried some documenation on grok patterns to no avail.

Answer 1

If all your logs have the same structure, you can use something similar to this:

timestamp: %{TIMESTAMP_ISO8601:DateTime} httpMethod: %{WORD:Method} httpResource: /%{WORD:Resource} httpResponse: %{NUMBER:Response} %{GREEDYDATA:Message}

You can use the follow URL to test: https://grokdebug.herokuapp.com/