I have following match statement for an log event in which data2 field will be having some events repeated with similar pattern: match =>["message","%{GREEDYDATA:data}process id %{NUMBER:pid}%{GREEDYDATA:data1}BBBBBB%{GREEDYDATA:data2}"] I want to parse data2 field further into individual fields..…

magnusbaeck (Magnus Bäck) August 19, 2016, 10:50am 2

Just add another grok filter.

grok {
  match => ["data2", "..."]
}

1 Like

Logstash parsing problem

Topic		Replies	Views
Pattern Matching Logstash	8	1152	April 5, 2017
Add_field Logstash	5	991	July 6, 2017
Grok pattern to extract the fields from the log file Logstash	2	310	February 24, 2021
Can I use grok to match fields? Logstash	2	805	July 6, 2017
Logstash grok multiple pattern , multi-line Logstash	2	302	March 19, 2021

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

How can i parse one field further into different fields in another grok pattern?

Related topics