TeamZ
Reputation: 361
GROK pattern to match URIPATH
Here is my sample URL
http://localhost:8080/abc2/query/errorLogs
was trying to extract only query/errorLogs. For this i have tried below GROK patten
(%{URIPROTO}://%{URIHOST}(?<path>/[^/]+/[^/]+/[^/]+))
Below output i am getting
{
"URIPROTO": [
[
"http"
]
],
"URIHOST": [
[
"localhost:8080"
]
],
"IPORHOST": [
[
"localhost"
]
],
"HOSTNAME": [
[
"localhost"
]
],
"IP": [
[
null
]
],
"IPV6": [
[
null
]
],
"IPV4": [
[
null
]
],
"port": [
[
"8080"
]
],
"path": [
[
"/abc2/query/errorLogs"
]
]
}
but i was expecting path should be "/query/errorLogs".
Upvotes: 0
Views: 154
Answers (1)
LinPy
Reputation: 18578
try this :
(%{URIPROTO}://%{URIHOST}(?<first_path>/[^/]+)%{GREEDYDATA:path})
result:
port 8080
first_path /abc2
path /query/errorLogs
Upvotes: 1
Related Questions
- GROK Parsing with regex
- Grok pattern for matching content in already parsed log line
- logstash log parsing with regex and grok
- GROK pattern for HTTP URL
- Grok pattern with this log line
- Custom Grok regular expression matcher
- custom log grok pattern
- Logstash Grok pattern with multiple matches
- grok pattern for extracting a portion of URI
- grok - how to get a URIPATHPARAM?