I'm working with some logs from squid but one value could appear or not
1621232309.575 1 172.99.6.74 TCP_MEM_HIT/206 3096 GET http://storage.googleapis.com/ - HIER_NONE/- application/octet-stream
1621232309.575 1 172.99.6.74 TCP_MEM_HIT/206 3096 GET http://storage.googleapis.com/ - HIER_NONE/1.1.1.1- application/octet-stream
How can i manage through grok the differences??
You can surround part of the grok pattern with ( and )? so that it matches zero or more times.
many thanks!!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.