Grok not breaking on matching first pattern

Varun_Goyal · September 17, 2018, 9:01am

I am using grok to extract first line data.
For that i tried GREEDYDATA, also tried *. but it seems it matches last entity.

My input has multiline codec.

Input Field:
Content installed successfully on the client\r\n\r\nProduct: XYZ Iron ASDB List 14.0 RU1\r\nVersion: DEF.CurDefs\r\nLanguage: Languages\r\nMoniker: {AVSRR-92CD-4877-B26F-EE9FFB3C34E0}\r\nSequence: 180913050\r\nPublish Date: Thursday, September 13, 2018\r\nRevision: 050\r\n

Grok Filter:

grok {
break_on_match => true

		match => { "FIELD_CONTAING_DATA" => "(?m)(?<Information>^(.*))" }

}
I have also tried GREEDYDATA.
I have also tried match => { "FIELD_CONTAING_DATA" => "(?m)(?^(.*\r\n))"

Still the output is:
Content installed successfully on the client\r\n\r\nProduct: XYZ Iron ASDB List 14.0 RU1\r\nVersion: DEF.CurDefs\r\nLanguage: Languages\r\nMoniker: {AVSRR-92CD-4877-B26F-EE9FFB3C34E0}\r\nSequence: 180913050\r\nPublish Date: Thursday, September 13, 2018\r\nRevision: 050\r\n

While, I was expecting output to be:
Content installed successfully on the client\r\n.

What I am missing here, can anyone help ?

system · October 15, 2018, 9:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.