Nikhil.J
Reputation: 170
How to match any pattern by ignoring any special character in Logstash?
I am writing a grok pattern for switch log. I am not getting how to ignore the "%" character form the log %DAEMON-3-SYSTEM_MSG
Complete log is-
Jul 16 21:06:50 %DAEMON-3-SYSTEM_MSG: Un-parsable frequency in /mnt/pss/ntp.drift
Upvotes: 1
Views: 1297
Answers (1)
sysadmin1138
Reputation: 1303
This can be done using the plain % character. A not very efficient example:
%%{NOTSPACE:switch_source}: %{GREEDYDATA:switch_message}
Which will set:
{
"switch_source": [
[
"DAEMON-3-SYSTEM_MSG"
]
],
"switch_message": [
[
"Un-parsable frequency in /mnt/pss/ntp.drift"
]
]
}
The percent-sign is not a special character in Oniguruma regex, so you don't have to escape it. When used with %{ and then } later, that's when you run into problems. But your log-snippet doesn't seem to use that pattern.
Upvotes: 2
Related Questions
- Grok Pattern escaping a - (hyphen)
- Logstash grok filter apache pattern
- Logstash Grok pattern with double quotes
- Logstash filter, if field matches regex not working
- Custom GROK filter - Logstash -> Elasticsearch
- Logstash issue with config regex
- Logstash custom matching
- grok regular expression is not working in log stash
- Grok parsing with special characters in message
- grok filter for log pattern