How extract a value from grock pattern in a new field

Amani188 · September 12, 2023, 2:48pm

Hi,
I'm trying to create new field called Systeme from a grock pattern whitch match the value of Systeme but it's always empty does anyone have an idea about how to do that.
I'm using ingest pipeline like this:

"grok": {
  "field": "log.file.path",
  "patterns": [
    "%{WORD:disk}:\\\\Test\\\\%{WORD:Systeme}\\\\JBoss"
  ],
  "on_failure": [
    {
      "set": {
        "field": "error",
        "value": "{{error}} || {{ _ingest.on_failure_message }}"
      }
    }
  ]
}

},
{
"set": {
"field": "Systeme",
"value": "{{Systeme}}"
}
},

stephenb · September 12, 2023, 7:38pm

Hi @Amani188

You need to provide a couple sample documents that you want to pass through the ingest pipeline and show us the expected results

system · October 10, 2023, 7:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest Pipeline for parsing multiline fields giving provided Grok expressions do not match field value error error Elasticsearch	2	293	August 6, 2023
Grok pattern for a unique value inside a field Logstash	3	382	December 10, 2021
Grok pattern - string parsed as original log format Kibana ingest-pipeline	1	307	September 24, 2021
Ingest Node Pipeline doesn't allow for "\[" pattern Elasticsearch	3	1257	November 16, 2020
[Ingest pipeline] tag and trace match Elasticsearch ingest-pipeline	1	938	March 31, 2022

How extract a value from grock pattern in a new field

Related Topics