Hazi
Reputation: 21
Regular expressions for grok pattern
I was facing issues while trying to print second string (only) from below line.
Input:
Severity: error
And the output i am expecting is, error. Can someone please help? I am new to regex and tried many options and somehow i arrived at this after trimming all other stuff from the line and stuck here.
Upvotes: 1
Views: 4049
Answers (3)
Hazi
Reputation: 21
Severity:\s(?<log_severity>[^\s|\r|\n|\r\n]*)
Above regex works for my requirement. Actually, I was looking to implement it in logstash.conf file to input logs to Kibana. The full patter is as follow,
input {
file {
path => ["your input log file path"]
start_position => beginning
ignore_older => 0
sincedb_path => "NUL"
}
}
filter{
grok {
match => ["message","Severity:\s(?<log_severity>[^\s|\r|\n|\r\n]*)"]
#You can add more as per your requirement. It display in Kibana as
#Severity: Error
}
}
output {
elasticsearch {
hosts => "localhost:9200"
}
}
Upvotes: 1
Sufiyan Ghori
Reputation: 18763
You have over complicated your filter. Since you need to match a single word, you can use WORD pattern as follows,
filter {
grok {
match => { "message" => "Severity: %{WORD:Severity}" }
}
}
It will output,
{
"Severity": [
[
"error"
]
]
}
You can test it here, https://grokdebug.herokuapp.com/
Upvotes: 0
Related Questions
- GROK Parsing with regex
- logstash log parsing with regex and grok
- Grok pattern with this log line
- logstash grok - how to do conditional pattern matching?
- Custom Grok regular expression matcher
- Custom regular expression for grok
- custom log grok pattern
- Logstash grok filter regex
- Logstash Grok pattern with multiple matches
- logstash / grok pattern file