Slightly embarrassed, but i can not find the answer of a what feels like simple question.
Data looks like this
ABC WORD1 DEF WORD2 GHI WORD3
or
ABC WORD1 DEF WORD2 GHI WORD3 (nonimportanttext)
This below works with Example 1 (missing the non-important text in parentheses)
ABC %{DATA:first} DEF %{DATA:second} GHI %{DATA:third}$
But how do i ignore the non important text in the second line? Is it possible with a OR-statement?
Hi,
You can make optionnal pattern using (%{pattern})?
So in your case a pattern like this will work :
ABC %{DATA:first} DEF %{DATA:second} GHI %{DATA:third}( .*)?$
( .*)? means that it is possible to have a space followed by [0 - ∞] charactere(s)
Cad.
Of course!
Thanks!
Another approach could be using
ABC %{DATA:first} DEF %{DATA:second} GHI %{NOTSPACE:third}
to match both.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.