Hi Everyone! I have a question about using Dissect and Grok together when working with a format that has varying structure. A line in my log file might look like this: word,word.word.word.word|timestamp|number,number,name|timestamp However the number of names in a line can change so it may also lo…

Hybrid Grok and Dissect Parsing

Badger October 29, 2021, 5:33pm 2

Use dissect to parse the fixed prefix and grok with an array of patterns for the variable part. An example is here.

Topic		Replies	Views
Can dissect use a variable number of fields? Logstash	11	1350	October 24, 2019
Logstash dissect and grok pattern matching issue Logstash	7	473	May 20, 2021
Logstash Dissect Filter - Multiple Delimiters? Logstash	1	799	December 4, 2018
Grok + Dissect - how to work properly? Logstash	4	726	May 4, 2020
Newbie Issue with multiple dissects Logstash	3	291	March 20, 2019

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Hybrid Grok and Dissect Parsing

Related topics