user626528
Reputation: 14419
Getting regex that grok filter is converted to?
I have a complex grok filter expression... is it possible to get the regex that this filter is converted to?
Upvotes: 3
Views: 944
Answers (1)
Alcanzar
Reputation: 17155
You can do it with a simple Perl script that reads the patterns file and replaces the %{PATTERN} stuff with the actual regex it's based on -- you'll have to customize this a little, but it shows how to do it:
#!/usr/bin/perl
# this is the path to your grok-patterns file
open(F,"patterns/grok-patterns");
while (<F>) {
chomp;
if (/^(\S+) (.*)/) {
$pattern{$1} = $2;
}
}
close(F);
# this is the grok pattern I want to expand
$pattern='%{IP:junk} %{COMBINEDAPACHELOG:junk2}';
while ($pattern =~ /(%\{([^:\}]+):?[^\}]*\})/) {
$name = $2;
substr($pattern,$-[0],$+[0]) = $pattern{$name};
}
print $pattern,"\n";
Upvotes: 2
Related Questions
- GROK Parsing with regex
- logstash log parsing with regex and grok
- RegEx Filter Works In RegExr But Not Logstash Grok
- Regular expressions for grok pattern
- Custom Grok regular expression matcher
- Parsing data with grok filter on logstash
- Custom regular expression for grok
- custom log grok pattern
- Logstash grok filter regex
- Logstash grok pattern to filter custom Log message