I have log messages coming in and a few of them have one of three special characters: @, -, or #.
How can I get grok to ignore the hashtag without removing it from the new field? Below is the code snippet I'm using.
It works fine when it's just this:
(?<Tran_ID>[0-9A-Z@]{3,4})
But when I add the hasthtag, the rest becomes a comment:
(?<Tran_ID>[0-9A-Z@#-]{3,4})
Can you provide more detail? If I run
input { generator { count => 1 lines => [ '{ "id": "The id is A1#9" }' ] codec => json } }
output { stdout { codec => rubydebug { metadata => false } } }
filter { grok { match => { "id" => "(?<Tran_ID>[0-9A-Z@#-]{3,4})" } } }
then I get "Tran_ID" => "A1#9".
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.