I have a row of data being sent to logstash. The row can contain several IP addresses. However one ip address is always prefixed with IPv4: and i want to only capture this IP address so i have created this Grok regex:
match => ["message", "(?<IPv4>IPv4:\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))"]
which works except for that the new field content looks like this: (it contains IPv4:)
IPv4: 10.10.10.1
When i want it to only contain the IP:
10.10.10.1
How can i continue to look for IPv4: to make sure i get the right IP but remove IPv4: from the capture group?