GROK directives in one line

Elastic Stack Logstash
1

Hey guys :slight_smile:

I am using the GROK plugin to parse through my log file and to extract some useful information. Currently I am using the following config:

  grok {
match => {"message" => "pullrequest=%{INT:pullrequest}$"}
  }
  grok {
match => {"message" => "jenkins_jobid=%{INT:jenkins_jobid}$"}
  }
  grok {
match => {"message" => "build_start=%{TIME:build_start}$"}
  }

Question: Is there a way to merge all these separate directives into one?

Thanks!

2

What does a complete message look like? And are you sure you shouldn't be using a kv filter instead?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.