Use the Log Parsing Validator to test parsing parsing patterns for your log messages. Parsing patterns extract the fields you need from your log messages and name them so that you can query the contents of named names. The Log Parsing Validator extracts fields from a single-line sample log message you provide based on the parser type and pattern you specify. Using this tool first and then copying the successful pattern reduces trial and error on parsing your logs. 


  1. Click Configure > Logs Parsing
  2. Repeat these steps until the fields in your sample log message are extracted as you need them to be:

    1. Select a parser type from the Parser Type dropdown menu. 

      The following parser types autopopulate the Parsing Pattern field with a predefined GROK pattern:

      • APACHE
      • ELB
      • NGINX
      • ALB
      • KAFKA
      • SQLSERVER

      • POSTGRESQL

      • MYSQL
      • ZOOKEEPER
      • REDIS
      • AWSS3ACCESS
      • HAPROXY

      If you select any of these parser types, you don't need to specify a parser pattern. Predefined patterns are not editable. If you need to create your own pattern, select parser type GROK, JSON, Log4j, Logback, or Timestamp.

    2. In Raw Log Sample, enter a sample of a single-line log message that you need to be parsed. This tool doesn't work on multi-line messages.
    3. In Parsing pattern, enter the pattern that you want to test.
    4. Click Validate. The validator displays the fields that it extracted from your sample log message in the Parsed Log Sample panel.

  3. Click Copy Pattern.

  4. Paste the pattern into the correct location for configuring parsing, which depends on where this log is coming from and whether you need pre-ingestion parsing or post-ingestion ("server-side") parsing:

    • If you want pre-ingestion parsing and the log is coming from an application running on a Kubernetes cluster, the parsing configuration goes into collectors-values.yaml. See Log Collector Settings.  Your collectors-values.yaml must have the new (non-legacy) layout of logCollectorConfig

    • If you want post-ingestion processing, the parsing configuration goes into a log processing rule that you create in Configure > Log Processing. See Log Processing Rules.