When I define a grok pattern for Windows file path matching, I cannot get it to work... even with the default.
The log is as follows:
    {
        "message" => "Prepared StagingJob for spreadsheet 'C:\\App\\Folder\\test_2.xlsx'\r",
        "@version" => "1",
        "@timestamp" => "2016-05-31T19:25:24.274Z",
        "path" => "/mnt/logs/SchedulerService.log",
        "host" => "elastic",
        "tags" => [
            [0] "_grokparsefailure"
        ],
        "filename" => ""
    }
My filter is as such:
    filter {
        grok {
            patterns_dir => ["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns"]
            match => { "message" => "%{SCHED_EXCEL}" }
            match => { "message" => "%{SCHED_FILENAME}" }
        }
    }
My Grok Pattern is as follows:
    SCHED_FILENAME ^Prepared StagingJob for spreadsheet '%{WINPATHTEST:filename}'(\\r*)
WINPATHTEST is:
    WINPATHTEST [a-zA-Z]:(\\[A-Za-z0-9\-,_\(\)]*)+\.[A-Za-z0-9]+
I've tried using WINPATH, but that failed as well. I've verified that this works in grok constructor at http://grokconstructor.appspot.com/do/match
Regards,
Jimmy
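
Added example, not part of the original post: a small Ruby stand-in for grok expansion (not Logstash's own code) that runs the two patterns from the post against the message as the rubydebug output prints it and against the string those escapes stand for. It assumes the displayed `\\` and `\r` are rubydebug escapes for one backslash and a carriage return; `SCHED_FILENAME_CR` is a hypothetical variant added for comparison.

```ruby
# Grok definitions copied from the post, plus one hypothetical variant (SCHED_FILENAME_CR).
PATTERN_FILE = <<~'GROK'
  WINPATHTEST [a-zA-Z]:(\\[A-Za-z0-9\-,_\(\)]*)+\.[A-Za-z0-9]+
  SCHED_FILENAME ^Prepared StagingJob for spreadsheet '%{WINPATHTEST:filename}'(\\r*)
  SCHED_FILENAME_CR ^Prepared StagingJob for spreadsheet '%{WINPATHTEST:filename}'\r?$
GROK
PATTERNS = PATTERN_FILE.lines.map { |line| line.chomp.split(" ", 2) }.to_h

# Minimal stand-in for grok expansion: handles %{NAME} and %{NAME:field} only.
def expand(name)
  PATTERNS.fetch(name).gsub(/%\{(\w+)(?::(\w+))?\}/) do
    ref, field = Regexp.last_match(1), Regexp.last_match(2)
    inner = expand(ref)
    field ? "(?<#{field}>#{inner})" : "(?:#{inner})"
  end
end

# Returns the captured fields, or nil where Logstash would tag _grokparsefailure.
def grok(name, message)
  match = Regexp.new(expand(name)).match(message)
  match && match.named_captures
end

# Constructed sample 1: the event text exactly as the rubydebug output prints it
# (escaped: two backslash characters per separator, then a backslash and an "r").
DISPLAYED = <<~'TXT'.chomp
  Prepared StagingJob for spreadsheet 'C:\\App\\Folder\\test_2.xlsx'\r
TXT

# Constructed sample 2: the string those escapes stand for, i.e. what grok receives
# (one backslash per separator, then a real carriage return, 0x0D).
RAW = "Prepared StagingJob for spreadsheet 'C:\\App\\Folder\\test_2.xlsx'\r"

def report
  { displayed:   grok("SCHED_FILENAME", DISPLAYED),
    raw:         grok("SCHED_FILENAME", RAW),
    raw_with_cr: grok("SCHED_FILENAME_CR", RAW) }
end

report.each { |label, fields| puts "#{label}: #{fields.inspect}" }
```

Only the escaped display text satisfies `(\\r*)`, because that group needs a literal backslash after the closing quote, while the raw line ends in a carriage return.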