elk stack - GROK custom pattern filter in logstash -

how create grok custom pattern filter in logstash? want create pattern http response status code here pattern code

status_code __ %{nonnegint} __ 

what reaaly want have of web server hits user ip , request http headers , payload , web servers's response.

and here logstash.conf

input {      file {       type => "kpi-success"       path => "/var/log/kpi_success.log"       start_position => beginning     } }  filter {    if [type] == "kpi-success" {       grok {         patterns_dir => ["./patterns"]         match => { "message" => "%{timestamp_iso8601:timestamp} %{greedydata:message} "}      }       multiline {             pattern => "^\["             => "previous"             negate => true      }       mutate{           add_field => {                 "statuscode" => "[status_code]"               }      }   } }  output {      if [type] == "kpi-success" {         elasticsearch {             hosts => "elasticsearch:9200"             index => "kpi-success-%{+yyyy.mm.dd}"         }     } } 

you don't have use custom pattern file, can define new 1 directly in filter.

grok {    match => { "message" => "(?<status_code>__ %{nonnegint} __)"} }