We are trying to extract information from logs depending on the UUID of the command that was used. At the moment our grok match looks like this.
match => {"[doc][Message][0]" => "(?<GrokParse>[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})"}
This works on almost all UUIDs and we don't understand why these exceptions happen.
This UUID parses without issues.
e64a7b32-a7e1-45da-85bf-b92685a183f7
This UUID fails and gives a _grokparsefailure tag.
ac53e624-3a3a-45ae-a75c-6311b8281189
We cannot see why it would fail; neither contains any letter after F or any special characters, and both follow the 8-4-4-4-12 pattern with both letters and numbers in each segment.
Right now all we can think of is that the failing UUID only has one letter in the last segment or that the 4th segment begins with a letter in the failing one.
Anything obvious or less obvious we missed?
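
An offline check of the pattern from the post, as an added example that is not part of the original post: grok patterns use Oniguruma regex syntax, which Ruby's regex engine shares, and the pattern on its own matches both UUIDs quoted above, so the example also reports any non-ASCII or control characters in a value that does not match. The function names and the sample values marked as constructed are assumptions.

```ruby
# Pattern copied unchanged from the grok match in the post.
UUID_RE = /(?<GrokParse>[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})/

# Returns the captured UUID, or nil where grok would add _grokparsefailure.
def grok_parse(value)
  m = UUID_RE.match(value.to_s)
  m && m[:GrokParse]
end

# Lists every character outside printable ASCII with its position and
# code point (zero-width spaces, Unicode hyphens, control bytes, ...).
def suspicious_chars(value)
  value.to_s.each_char.with_index
       .reject { |c, _| c.match?(/[ -~]/) }
       .map { |c, i| format('index %d: U+%04X', i, c.ord) }
end

# One-line verdict for a field value (hypothetical helper).
def diagnose(value)
  return 'field is nil or empty' if value.nil? || value.to_s.empty?

  uuid = grok_parse(value)
  return "match: #{uuid}" if uuid

  odd = suspicious_chars(value)
  return 'no match, only printable ASCII present' if odd.empty?

  "no match, unexpected characters at #{odd.join(', ')}"
end

# The first two values are the UUIDs from the post; the rest are
# constructed to show inputs that look identical on screen but fail.
SAMPLES = [
  'e64a7b32-a7e1-45da-85bf-b92685a183f7',
  'ac53e624-3a3a-45ae-a75c-6311b8281189',
  "ac53e624\u20113a3a-45ae-a75c-6311b8281189", # constructed: U+2011 hyphen
  "ac53e624-3a3a-45ae-a75c-6311\u200Bb8281189", # constructed: zero-width space
  nil                                            # constructed: field absent
].freeze

SAMPLES.each { |s| puts "#{s.inspect} => #{diagnose(s)}" }
```

Feeding the exact value of `[doc][Message][0]` from a failing event (copied from the raw event rather than retyped) into `diagnose` shows whether the field content or the pattern is what differs.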