Hi , i am trying to capture the while block in the grok along with the square brackets [] . The grok filter field should be displaying the data with the pattern inside it . Can someone please advise what should be grok for this.
[BT:CHROME, BV:55, BL:en, CC:CZ]
It's very hard to understand what you're asking. You want to match a string like "[BT:CHROME, BV:55, BL:en, CC:CZ]" and include the square brackets in the resulting field?
Hi @magnusbaeck yes .. i want to match a string like "[BT:CHROME, BV:55, BL:en, CC:CZ]" and include the square brackets in resulting field.
Then perhaps (?<name-of-field>\[[^\]]*\]) would do. It should match a [ followed by zero or more characters of any kind except ], followed by ].
Awesome ..Thanks magnusbaeck. It works
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.