I have following match statement for an log event in which data2 field will be having some events repeated with similar pattern: match =>["message","%{GREEDYDATA:data}process id %{NUMBER:pid}%{GREEDYDATA:data1}BBBBBB%{GREEDYDATA:data2}"] I want to parse data2 field further into individual fields..…

magnusbaeck (Magnus Bäck) August 19, 2016, 10:50am 2

Just add another grok filter.

grok {
  match => ["data2", "..."]
}

1 Like

Logstash parsing problem

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

How can i parse one field further into different fields in another grok pattern?