If I understand correctly:
WORD is \b\w+\b. But there is no word boundary (\b) at this place, so it doesn't match. The following works:
%{TIMESTAMP_ISO8601:time}の\[%{WORD:FFF}\]の(?<DD2>\w+\b)If I understand correctly:
WORD is \b\w+\b. But there is no word boundary (\b) at this place, so it doesn't match. The following works:
%{TIMESTAMP_ISO8601:time}の\[%{WORD:FFF}\]の(?<DD2>\w+\b)© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.