Grok filter only uses last match, can this be changed?

Arthur_Francis · November 25, 2016, 4:57pm

If a pattern is matched several times within an event, is there a way to take into account only the first match. After doing some testing after my issue in this post here Grok filter behaviour different for some messages

I found that only the last match is included in the result, is there a way to reference the index of the matches somehow or change this default behaviour?

Thanks

system · December 23, 2016, 4:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Which hits get picked up by grok filter in multiline events Logstash	2	501	July 6, 2017
Grok Patterns - Quick question Logstash	1	285	January 9, 2019
Multiple grok pattern, really multiple? Logstash	2	211	April 28, 2022
Is it possible to index only the matched log lines of grok in Logstash? Logstash	6	3094	March 5, 2017
How does logstash match? Logstash	5	288	January 3, 2023

Grok filter only uses last match, can this be changed?

Related topics