Filter Data With First Data in grok filter

All is in the title I want to filter with the first data in my grok filter to use an other grok filter

Can you explain us the problem with example please ?

For example I have something like this to parse :

"Application data on like"

The problem that I have is that the data hasn't the same format everytime, sometimes it will be something like this :

"Application word word word word"

So I wanted to know if we can just get the first data (the field Application in my example) to create some conditions (some if in the .conf file) to filter following the application that we get


Searching alone

Can you add your answer? Then others having the same problem can learn from it as well :slight_smile:

it's written in my last message, you can close it

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.