Hello,
I'm attempting to pull the name of a software package from a CPE from NIST. This is my sample data:
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
With regular regex the following expression matches the string between the 4th and 5th colon just fine; however, using Grok within Logstash with the round brackets, it unfortunately no longer matches what I want. From all the examples I've seen, round brackets are required.
Code:
grok {
  match => { "[software][cpe]" => "(?<[software][name]>^(?:[^:]+:){4}\K[^:]+)" }
}
Output:
{
  "[software][name]": "cpe:2.3:a:libexpat_project:libexpat"
}
Desired Output:
{
  "[software][name]": "libexpat"
}
I'd appreciate some guidance.
Thanks.
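
The behaviour described in the post, reproduced as an added example (not part of the original post) in plain Ruby, whose Onigmo engine is in the same regex family as the one grok uses. It assumes a plain group name `name` in place of `[software][name]`, and it goes one step beyond the post by also handling CPE 2.3 values that contain an escaped colon (`\:`); the helper names and the second sample string are constructed for illustration.

```ruby
# Constructed sample: the CPE string from the post.
SAMPLE = 'cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*'
# Constructed sample with escaped colons inside the vendor and product fields.
ESCAPED = 'cpe:2.3:a:vendor\:x:prod\:uct:1.0:*:*:*:*:*:*:*'

# Pattern shape from the post. \K moves the start of the overall match,
# but a capture group that is already open still begins where its "(" was
# entered, so the named group keeps the whole prefix.
KEEP_INSIDE_GROUP = /(?<name>^(?:[^:]+:){4}\K[^:]+)/

# Same prefix placed before the group: the group now opens at the fifth
# field. In grok terms: ^(?:[^:]+:){4}(?<[software][name]>[^:]+)
PREFIX_OUTSIDE_GROUP = /^(?:[^:]+:){4}(?<name>[^:]+)/

# Generalization: a field is a run of escaped pairs (\x) or non-colon,
# non-backslash characters, so "\:" does not end the field.
FIELD = /(?:\\.|[^:\\])*/
ESCAPE_AWARE = /\A(?:#{FIELD}:){4}(?<name>#{FIELD})/

# Value of the named group, or nil when the pattern does not match.
def capture_name(pattern, cpe)
  m = pattern.match(cpe)
  m && m[:name]
end

# Text of the overall match (what \K actually trims), or nil.
def whole_match(pattern, cpe)
  m = pattern.match(cpe)
  m && m[0]
end

if __FILE__ == $PROGRAM_NAME
  puts "group with \\K inside : #{capture_name(KEEP_INSIDE_GROUP, SAMPLE)}"
  puts "overall match        : #{whole_match(KEEP_INSIDE_GROUP, SAMPLE)}"
  puts "prefix outside group : #{capture_name(PREFIX_OUTSIDE_GROUP, SAMPLE)}"
  puts "naive on escaped CPE : #{capture_name(PREFIX_OUTSIDE_GROUP, ESCAPED)}"
  puts "escape-aware         : #{capture_name(ESCAPE_AWARE, ESCAPED)}"
end
```

Grok stores the named group, not the overall match, which is why the trimmed value never reaches the field.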