I'm using dissect processor to parse a value like
/var/log/containers/calico-node-ltx4t_kube-system_calico-node-21e03abb29adcec39f69e3f76c16eb2b3ed4dd1a51675279de5cedc59bdce56b.log
using tokenizer:/var/log/containers/%{kube_pod_name}_%{kube_namespace_name}_%{container_name}-%{container_id}.log
The result is:
"kube_pod_name": "calico-node-ltx4t",
"container_id": "node-21e03abb29adcec39f69e3f76c16eb2b3ed4dd1a51675279de5cedc59bdce56b"
"kube_namespace_name": "kube-system",
"container_name": "calico",
However, the result I expected is:
"container_id": "21e03abb29adcec39f69e3f76c16eb2b3ed4dd1a51675279de5cedc59bdce56b"
"container_name": "calico-node"
Does dissect processor in beats support greedy/lazy match? Like regexp?