Grok Filter Pattern with Comma

Hello All,

I need %{GREEDYDATA:Text1} till first comma

Here is the input file data
02/06/2016 01:01:07,Text1Data,Text2Datap1,Text2Datap2,Text2Datap3,1046,547,error

Grok Expression
%{DATESTAMP:Time},%{GREEDYDATA:Text1},%{GREEDYDATA:Text2},%{INT:value1},%{INT:value2},%{GREEDYDATA:Status}

Current Output
{
"Time": [
"02/06/2016 01:01:07"
],
"Text1": [
"Text1Data,Text2Datap1,Text2Datap2"
],
"Text2": [
"Text2Datap3"
],
"value1": [
"1046"
],
"value2": [
"547"
],
"Status": [
"error"
]
}

Expected Output
{
"Time": [
"02/06/2016 01:01:07"
],
"Text1": [
"Text1Data"
],
"Text2": [
"Text2Datap1,Text2Datap2,Text2Datap3"
],
"value1": [
"1046"
],
"value2": [
"547"
],
"Status": [
"error"
]
}

Thanks for your help in Advance

The most likely answer is to not use GREEDYDATA. Try (?<Text1>[^,]*) instead of %{GREEDYDATA:Text1}.

Hello Eric,

Thanks for the response,
As per your suggestion, i have updated expression as below

Pasted image1011×410 12.8 KB

But it gives no match

You need to change all the occurrences of GREEDYDATA using the same basic approach as the first.

Hello Eric,

If possible, can you please provide me complete expression ?

Thanks

%{DATESTAMP:Time},(?<Text1>[^,]*),(?<Text2>[^,]*),%{INT:value1},%{INT:value2},(?<Status>[^,]*)

This is all on one line, obviously.

Thanks Eric,

I got correct expected output now,

Pasted image1082×772 24.6 KB

Since your input is CSV, why not use the csv filter instead of grok?