Grok not breaking on matching first pattern

Varun_Goyal · September 17, 2018, 9:01am

I am using grok to extract first line data.
For that i tried GREEDYDATA, also tried *. but it seems it matches last entity.

My input has multiline codec.

Input Field:
Content installed successfully on the client\r\n\r\nProduct: XYZ Iron ASDB List 14.0 RU1\r\nVersion: DEF.CurDefs\r\nLanguage: Languages\r\nMoniker: {AVSRR-92CD-4877-B26F-EE9FFB3C34E0}\r\nSequence: 180913050\r\nPublish Date: Thursday, September 13, 2018\r\nRevision: 050\r\n

Grok Filter:

grok {
break_on_match => true

		match => { "FIELD_CONTAING_DATA" => "(?m)(?<Information>^(.*))" }

}
I have also tried GREEDYDATA.
I have also tried match => { "FIELD_CONTAING_DATA" => "(?m)(?^(.*\r\n))"

Still the output is:
Content installed successfully on the client\r\n\r\nProduct: XYZ Iron ASDB List 14.0 RU1\r\nVersion: DEF.CurDefs\r\nLanguage: Languages\r\nMoniker: {AVSRR-92CD-4877-B26F-EE9FFB3C34E0}\r\nSequence: 180913050\r\nPublish Date: Thursday, September 13, 2018\r\nRevision: 050\r\n

While, I was expecting output to be:
Content installed successfully on the client\r\n.

What I am missing here, can anyone help ?

system · October 15, 2018, 9:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Grok break_on_filter not working Logstash	1	306	March 29, 2018
[SOLVED] Grok and Greedydata regex Logstash	9	7898	February 13, 2017
Will my "%{GREEDYDATA:[log_message]}" overwrides all my other grok filters? Logstash	2	377	February 1, 2021
Greedydata does not work Logstash	11	2922	July 6, 2017
Break_on_match not working Logstash	4	476	July 5, 2019

Grok not breaking on matching first pattern

Related topics