Nagappa L M
Reputation: 1480
Logstash pattern dealing with multiple matches
Facing very much difficulty to extract in grok
hi i am good [anything] hey [another] hii [third] kjkj [fourth] etc
in the above string how can i extract [anything] to one field
have used (^.+)(?<thread_name>\[.+\]) but it extracts last match
Upvotes: 0
Views: 822
Answers (1)
doz10us
Reputation: 777
(^[^\[]+)(?<thread_name>\[[^\]]+\])
This one is modified yours. It will work to extract exactly first match of a word in square brackets. Please provide more details if you need a more tuned pattern.
Output will be:
{
"thread_name": [
[
"[anything]"
]
]
}
I recommend using the Grok Debugger for quick checking grok patterns.
Upvotes: 1
Related Questions
- Grok pattern for matching content in already parsed log line
- A complicated logstash pattern in Grok
- Logstash grok multiple match
- conditional matching with grok for logstash
- LOGSTASH filter | Multiple patterns for same file
- Multiple patterns in one log
- Logstash Grok pattern with multiple matches
- Logstash Grok Pattern
- Logstash grok multiple matches failure
- Chaining grok filter patterns for logstash