How extract a value from grock pattern in a new field

Amani188 · September 12, 2023, 2:48pm

Hi,
I'm trying to create new field called Systeme from a grock pattern whitch match the value of Systeme but it's always empty does anyone have an idea about how to do that.
I'm using ingest pipeline like this:

"grok": {
  "field": "log.file.path",
  "patterns": [
    "%{WORD:disk}:\\\\Test\\\\%{WORD:Systeme}\\\\JBoss"
  ],
  "on_failure": [
    {
      "set": {
        "field": "error",
        "value": "{{error}} || {{ _ingest.on_failure_message }}"
      }
    }
  ]
}

},
{
"set": {
"field": "Systeme",
"value": "{{Systeme}}"
}
},

stephenb · September 12, 2023, 7:38pm

Hi @Amani188

You need to provide a couple sample documents that you want to pass through the ingest pipeline and show us the expected results