Grok Patterns - Quick question

Carlos_Magalhaes · December 12, 2018, 10:45am

Hi all,

I think this is a quick clarifying question. With a Grok pattern:

Does the entire string that has been filtered need to be matched with your grok pattern or does the grok pattern pull out what it needs and disregards the rest, example:

this, is, some, string, from, some, log

grok pattern does not find "some" and "log" but matches the rest "this", "is", "string", "from".
Does it then assign what it found to the fields OR
Does it fail because it couldn't match everything.

When you do a match => can you have multiple grok patterns in that block or is it one grok pattern per match => block. Reason asking is that different systems that have the same service but depending on config can send different log info (similar format but additional or less fields).
The documentation on grok from what I have searched for is limited, explains what it is with one or two examples but does not go in depth. Is there any good links or documentation I can be pointed to (and I have tried google for documentation )

thank you once again

system · January 9, 2019, 10:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple grok pattern, really multiple? Logstash	2	211	April 28, 2022
QUESTION ABOUT "LOGSTASH GROK MATCH" WITH ARRAY Logstash	4	1284	May 27, 2019
Grok Filter Pattern Clarification Logstash	2	209	July 24, 2018
Logstash 7.2 grok match filter plugin using multiple patterns Logstash	1	259	July 25, 2019
Beginner question grok + pattern matching + different line format Logstash	2	1234	June 14, 2017

Grok Patterns - Quick question

Related topics