Logstash provides a grok pattern for postgresql logs. Unfortunately, it doesn’t seem to be compatible with our postgres version (9.4), and our messages were all tagged with “_grokparsefailure”.
Using the fantastic grok debugger, I was able to produce something that worked:
%{DATESTAMP:timestamp} %{TZ} %{DATA:user_id} %{GREEDYDATA:connection_id} %{DATA:level}: %{GREEDYDATA:msg}
I’ve created an issue here, to track it.
