Grok stop at the first occurrancy error

rschirin · February 7, 2019, 6:00pm

hi,
I'm trying to get a specific username using grok plugin.
this is my message:

{"data":{"id":"134","projectName":"Deploy","fullProjectName":"ITIO/ITSA/SABIS/CribisITA2a/Deploy","displayName":"#134","fullDisplayName":"ITIO » ITSA » SABIS » Cribis.It A2A » Deploy #134","description":"ENV: CI, CR: 409551","url":"job/ITIO/job/ITSA/job/SABIS/job/CribisITA2a/job/Deploy/134/","buildHost":"Jenkins","buildLabel":"master","buildNum":134,"buildDuration":97015,"rootProjectName":"Deploy","rootFullProjectName":"ITIO/ITSA/SABIS/CribisITA2a/Deploy","rootProjectDisplayName":"#134","rootBuildNum":134,"buildVariables":{"BUILD_DISPLAY_NAME":"#134","BUILD_ID":"134","BUILD_NUMBER":"134","BUILD_TAG":"jenkins-ITIO-ITSA-SABIS-CribisITA2a-Deploy-134","BUILD_URL":"https://jenkins.crifnet.com/job/ITIO/job/ITSA/job/SABIS/job/CribisITA2a/job/Deploy/134/","CLASSPATH":"","CRNUM":"409551","DEPLOY_TO":"CI","HUDSON_HOME":"/var/jenkins_home","HUDSON_SERVER_COOKIE":"cbdc16a5c2893867","HUDSON_URL":"https://jenkins.crifnet.com/","JENKINS_HOME":"/var/jenkins_home","JENKINS_SERVER_COOKIE":"cbdc16a5c2893867","JENKINS_URL":"https://jenkins.crifnet.com/","JOB_BASE_NAME":"Deploy","JOB_DISPLAY_URL":"https://jenkins.crifnet.com/job/ITIO/job/ITSA/job/SABIS/job/CribisITA2a/job/Deploy/display/redirect","JOB_NAME":"ITIO/ITSA/SABIS/CribisITA2a/Deploy","JOB_URL":"https://jenkins.crifnet.com/job/ITIO/job/ITSA/job/SABIS/job/CribisITA2a/job/Deploy/","PACKAGE_FOLDER":"\\\\tpbuild2006r2\\InfoPubbliche\\CribisItA2A\\2019-01-17.000-CI-CE","PACKAGE_ZIP":"Crif.CribisIt.A2AGateway.2019-01-17.001_no_CONFIG.zip","RUN_CHANGES_DISPLAY_URL":"https://jenkins.crifnet.com/job/ITIO/job/ITSA/job/SABIS/job/CribisITA2a/job/Deploy/134/display/redirect?page=changes","RUN_DISPLAY_URL":"https://jenkins.crifnet.com/job/ITIO/job/ITSA/job/SABIS/job/CribisITA2a/job/Deploy/134/display/redirect"}},"message":["Started by user Michael Jordan","Running as Michael Jordan","Obtained Deploy/Jenkinsfile from git https://gogs.crifnet.com:3000/SABIS/cribisit_a2a.git","Running in Durability level: MAX_SURVIVABILITY","[Pipeline] Start of Pipeline","[Pipeline] node","Running on jksslv01 in

and this is my grok function:

.*user\s%{GREEDYDATA:username.start}\",\"Running\sas\s%{GREEDYDATA:username.running_as}\",\"

username.start is extracted correctly while username.running_as is wrong (Michael Jordan","Obtained Deploy/Jenkinsfile from....)

can you explain where am I fault?

Badger · February 7, 2019, 7:25pm

GREEDYDATA is just that, greedy. It will match the longest possible string. So if you match A%{GREEDYDATA:a}B against A...B...C...B it will not match ..., it will match ...B...C...

You could change the second GREEDYDATA to be DATA, but I think you would do much better with a pattern like

'Started by user (?<username.start>[^"]+)","Running as (?<username.running>[^"]+)"'

Also, the .* at the beginning in your pattern is meaningless since the pattern is not anchored.

system · March 7, 2019, 7:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.