Tyngd Punkt

Reputation: 37

Grok regular expression is not working in Logstash

I'm a total newbie and I have created this filter in Logstash. The purpose is to create a "tag" in Elasticsearch called CVE that will find CVE numbers like CVE-1000-1000 or CVE-2016-0505 or any other 4-digit arbitrary number.

My code looks like this:

filter { 
    grok {
        match => [
            "CVE",
            "(CVE-[0-9]{4}-[0-9]{4})"
        ]
    }
} 

I also wonder how I can make it case insensitive.

Please help!

Upvotes: 0

Views: 469

Answers (1)

Tyngd Punkt

Reputation: 37

This was the solution

grok {
    match => ["text", "(?<cve>CVE-\d{4}-\d{4})"]
}

Big thanks to Magnus Bäck at Elastic

Upvotes: 1
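
The question's case-insensitivity point is not covered by the accepted pattern. The following is an added example, not part of the answer or of Logstash itself: it runs the answer's regex and a wider variant over constructed log lines in Ruby, whose regex engine (Onigmo) is a fork of the Oniguruma engine that grok patterns use. The wider pattern is an assumption that goes beyond the post: it adds `(?i)` and also accepts sequence numbers longer than four digits, which CVE IDs have allowed since 2014.

```ruby
# Added example; all sample lines are constructed.

# Pattern from the answer: upper case only, exactly four trailing digits.
ANSWER_PATTERN = /(?<cve>CVE-\d{4}-\d{4})/

# Variant (assumption, not from the post): (?i) makes the match case
# insensitive, \d{4,} accepts longer sequence numbers, and \b / (?!\d)
# prevent matching only part of a longer token.
WIDER_PATTERN = /(?i)\b(?<cve>CVE-\d{4}-\d{4,})(?!\d)/

SAMPLE_LINES = [
  "scanner reported CVE-2016-0505 on host db01",
  "advisory mentions cve-2016-0505 in lower case",
  "constructed five-digit id CVE-2099-12345 in a feed",
  "no identifier in this line",
].freeze

# Return the captured id normalised to upper case, or nil when nothing matches.
def extract_cve(pattern, line)
  m = pattern.match(line)
  m && m[:cve].upcase
end

# Run both patterns over every line so the differences are visible side by side.
def compare(lines)
  lines.map do |line|
    { line: line,
      answer: extract_cve(ANSWER_PATTERN, line),
      wider: extract_cve(WIDER_PATTERN, line) }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare(SAMPLE_LINES).each do |r|
    puts format("%-52s answer=%-16s wider=%s", r[:line], r[:answer].inspect, r[:wider].inspect)
  end
end
```

Note the third line: the answer's pattern silently truncates the five-digit ID to `CVE-2099-1234`, which would index the wrong identifier.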
