Thank you in advance,
Please advise how can I capture logs that have different pattern, let say for username, the value shows [ldap:my_user01], and I created grok to capture this by \[ldap0:%{USERNAME:username}\], then later on, I found out some logs wth non ldap username, the value shows [ANON], how can I extract just the username (without ldap:).....You can ? to make a capture group optional.
grok { match => { "field" => "^\[(%{WORD:ldap}:)?%{USER:user}\]$" } }Thank you so much..appreciate it..
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.