Hi,
Stupid question but how can I create a custom pattern and call on it? I've used the grok debugger to make sure everything gets parsed correctly but I'm not sure how to go from there.
Log data (events come in per line, I want grok to apply all patterns to each line until it finds a matching one; I will drop the ones that fail):
EbNo Value : 06.1dB
STATE: Tracking
MODEM STATE: LOGGED IN
TEMP = 150.1 deg F
My grok pattern:
EbNo Value : (?<Eb>[\d.\d]{4})(?<remove_db>[\w]{2})
STATE: %{WORD:state}
MODEM STATE: %{GREEDYDATA:modem_state}
TEMP = (?<temp>[\d.\d]{3,5}) (?<remove_deg>[\w ]{5})
Reading the docs, it's not clear how to proceed. Should I put something like this in my pattern?
EB_VALUE EbNo Value : (?<Eb>[\d.\d]{4})(?<remove_db>[\w]{2})
and then put something like this in the filter if I want to create a field called eb?
patterns_dir => ["./patterns"]
match => { "message" => "%{EB_VALUE:eb}" }
Also, if I want grok to try each pattern on a log line until it finds a matching one, should I put in an array of all the patterns I have?
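
One way to set this up with the grok filter's `pattern_definitions` option and an array of patterns, as an added example that is not part of the original post. The pattern name `SAT_DECIMAL`, its regex, and the lowercase field names are assumptions made for illustration.

```logstash
filter {
  grok {
    # Inline custom pattern (hypothetical name SAT_DECIMAL). The same
    # definition in a file under patterns_dir is one line of the form
    # "NAME regex":
    #   SAT_DECIMAL \d+\.\d+
    pattern_definitions => {
      "SAT_DECIMAL" => "\d+\.\d+"
    }

    # An array of patterns is tried in order. break_on_match defaults to
    # true, so grok stops at the first pattern that matches the line.
    # The ^ anchors matter: without them "STATE: %{WORD:state}" also
    # matches inside "MODEM STATE: LOGGED IN" and captures "LOGGED".
    match => {
      "message" => [
        "^EbNo Value : %{SAT_DECIMAL:eb}dB",
        "^MODEM STATE: %{GREEDYDATA:modem_state}",
        "^STATE: %{WORD:state}",
        "^TEMP = %{SAT_DECIMAL:temp} deg F"
      ]
    }
  }

  # Lines that match none of the patterns are tagged _grokparsefailure
  # (the default tag_on_failure value) and are dropped here.
  if "_grokparsefailure" in [tags] {
    drop { }
  }
}
```

Literal text such as `dB` and `deg F` is left outside the capture, so no throwaway fields like `remove_db` are created.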