Grok filter pattern file with capture group regex

jarlrmai · August 8, 2017, 10:36am

\bSeverity=\\\"(?<severity>[^\\\"]*)

I have the above regex for Grok, It works on the Grok Debugger

[View@6876 Severity=\"INFO\" Module=

becomes

{
  "severity": [
    [
      "INFO"
    ]
  ]
}

How do I add this to a pattern file, I can;t seem to see the syntax for using a named capture group in a pattern file, and I can't get it working on the Grok Debugger.

jarlrmai · August 9, 2017, 6:23pm

Can anyone help?

system · September 6, 2017, 6:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.