If the logs you ship to Logstash come from a Windows host, troubleshooting a grok pattern through the Logstash service becomes even slower.
It helps to validate your grok patterns directly on the Windows host before they reach Logstash. Here is an easy way to test a log line against a grok pattern:
Download and run the latest Ruby 2.x installer from rubyinstaller.org.
Then install the grok gem and download the basic set of grok definitions.
gem install jls-grok
powershell -command invoke-webrequest https://raw.githubusercontent.com/logstash-plugins/logstash-patterns-core/master/patterns/grok-patterns -outfile grok-patterns
Download the same teststdin.rb from my similar post on testing grok filters from Linux and copy it to the same directory where ‘grok-patterns’ was just downloaded.
teststdin.rb
The program reads lines from standard input, so either type the input manually or redirect a file into it (teststdin.rb < mytest.log).
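To see what a grok expression expands to before it reaches Logstash, the following added example (not the teststdin.rb from the linked post, and not using the jls-grok gem) turns %{NAME:field} references into a Ruby regex with named captures. The inline definitions are simplified stand-ins for entries in grok-patterns, and the sample lines and the helper names load_patterns, expand and grok_match are constructed for this example.

```ruby
# Added example: a minimal grok expander that needs no gem and no network access.
# Definitions use the "NAME regex" line format of the grok-patterns file; these
# entries are simplified stand-ins constructed for this example.
DEFINITIONS = <<~'EOS'
  # constructed subset
  INT (?:[+-]?(?:[0-9]+))
  WORD \b\w+\b
  IPV4 (?:(?:25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])
  GREEDYDATA .*
  ENDPOINT %{IPV4:ip}:%{INT:port}
EOS

# Parse "NAME regex" lines into a hash, skipping blank lines and comments.
def load_patterns(text)
  text.each_line.with_object({}) do |line, defs|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    name, regex = line.split(/\s+/, 2)
    defs[name] = regex
  end
end

# Recursively expand %{NAME} and %{NAME:field} into plain regex source.
def expand(pattern, defs, depth = 0)
  raise ArgumentError, 'pattern nesting too deep' if depth > 20
  pattern.gsub(/%\{(\w+)(?::(\w+))?\}/) do
    name = Regexp.last_match(1)
    field = Regexp.last_match(2)
    body = defs.fetch(name) { raise KeyError, "undefined grok pattern: #{name}" }
    inner = expand(body, defs, depth + 1)
    field ? "(?<#{field}>#{inner})" : "(?:#{inner})"
  end
end

# Match one line; returns a field => value hash, or nil when nothing matches.
def grok_match(pattern, line, defs)
  Regexp.new(expand(pattern, defs)).match(line.chomp)&.named_captures
end

if __FILE__ == $PROGRAM_NAME
  defs = load_patterns(DEFINITIONS)
  pattern = '%{IPV4:client} %{WORD:method} %{GREEDYDATA:request} %{INT:status}'
  # Constructed sample lines: one that matches and one that does not.
  ['192.0.2.10 GET /index.html 200', 'not a log line'].each do |line|
    fields = grok_match(pattern, line, defs)
    puts "#{line.inspect} => #{fields ? fields.inspect : 'NO MATCH'}"
  end
end
```

A KeyError from expand means the expression references a pattern name that is missing from the loaded definitions, which is worth ruling out before looking at the log line itself.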
REFERENCES
https://fabianlee.org/2016/05/25/devops-testing-logstash-grok-patterns-for-ruby-1-9/