DevOps Tools Engineer (LPIC-OT 701) — Question 19

Which of the log messages below matches the following Logstash grok filter? grok { match => ["message", "%{SYSLOGBASE} new node %{IPORHOST:node}" ]
}

Answer options

• A. Jun 30 00:36:49 headnode: new node 198.51.100.103 at clustermanager:12353
• B. Jun 30 00:36:49 headnode clustermanager[12353]: new node 198.51.100.103
• C. Jun 30 00:36:49 headnode clustermanager[198.51.100.103]: new node
• D. %{SYSLOG-FROM:headnode clustermanager[12353]} new node 198.51.100.103
• E. clustermanager[12353]: Jun 30 00:36:49 headnode new node 198.51.100.103

Correct answer: C

Explanation

The correct answer is C because it matches the grok filter, with the proper SYSLOGBASE format and includes 'new node' followed by an IP address. Options A, B, D, and E do not fit the specified pattern, as they either have additional elements, incorrect formatting, or lack the necessary structure to match the filter criteria.