Help with grok pattern and regex


(Renan Graciano) #1

Hello,

I'm looking for some help with my grok patterns, since I'm not able to parse one of the messages that I need:

The message is:
"Variable: instrucoes | Value: some text here\r\n | Path: ["POST","json","params",0,"instrucoes"]\n########################\nDescription: (23) Detects JavaScript location/document property access and window access obfuscation\nImpact: 5 | Tags: xss, csrf\n"

With dissect I was able to parse almost everything, but when I got to the double-quoted Path: it doesn't work, so I was recommended to go with grok...
The problem is that I cannot manage to get past the Variable...

I was trying to do something like that:
variable: %{word:variable} | (?/(?<=value: )(.*)(?=path:)) | path:

But it didn't even get the "value"
Can you guys help me?

I need to get the variable, value, path, description, impact and tags
Thank you very much!
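
An added example, not part of the original post: one way to pull the six fields out of the message above with named captures, written in Ruby because grok uses the same Oniguruma-style regex syntax and accepts `(?<field>...)` captures. The sample string is copied from the post and assumes the `\r\n` and `\n` shown there are real CR/LF characters in the event; `parse_alert`, `ALERT_RE` and the `rule_id` field are names chosen for this example.

```ruby
require 'json'

# Constructed sample: the message from the post, with \r\n and \n as real control characters.
SAMPLE = "Variable: instrucoes | Value: some text here\r\n | Path: [\"POST\",\"json\",\"params\",0,\"instrucoes\"]\n" \
         "########################\n" \
         "Description: (23) Detects JavaScript location/document property access and window access obfuscation\n" \
         "Impact: 5 | Tags: xss, csrf\n"

# x = free-spacing (literal spaces written as \s), m = "." also matches line breaks.
ALERT_RE = %r{
  \AVariable:\s(?<variable>\S+)\s\|\s
  # The value is request-controlled text and may span lines or contain pipes,
  # so match lazily and stop at the first " | Path: " separator.
  Value:\s(?<value>.*?)\s*\|\sPath:\s
  (?<path>\[.*?\])\s*      # JSON array; the double quotes need no special handling
  \#+\s*                   # separator line of hash characters
  Description:\s\((?<rule_id>\d+)\)\s(?<description>[^\r\n]*)\s*
  Impact:\s(?<impact>\d+)\s\|\s
  Tags:\s(?<tags>[^\r\n]*)
}mx

# Returns a hash of the parsed fields, or nil when the message does not match.
def parse_alert(message)
  m = ALERT_RE.match(message)
  return nil unless m

  path = begin
    JSON.parse(m[:path])   # ["POST", "json", "params", 0, "instrucoes"]
  rescue JSON::ParserError
    m[:path]               # keep the raw text if it is not valid JSON
  end

  {
    variable: m[:variable],
    value: m[:value],
    path: path,
    rule_id: m[:rule_id].to_i,
    description: m[:description],
    impact: m[:impact].to_i,
    tags: m[:tags].split(/\s*,\s*/)
  }
end

puts parse_alert(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

In a grok `match` the same expression has to be written on one line with a leading `(?m)` so that `.` crosses the line breaks.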

