Is it possible to Grok out part of a string and then the whole string?


(Steven) #1

Hello,

I have the following request type:

"GET /rest/api/latest/search?jql=project+%3D+%22THP%22+AND+type+%3D+%22Defect%22+order+by+updated+desc&startAt=0&fields=summary,updated HTTP/1.1"

Is it possible to GROK out "GET" and place it in http_status and then GROK out "GET /rest/api/latest/search?jql=project+%3D+%22THP%22+AND+type+%3D+%22Defect%22+order+by+updated+desc&startAt=0&fields=summary,updated HTTP/1.1" and place that in a field called request_type?

Thanks.


(Christian Stockhaus) #2

you can simple nest named pattern groups like

"(?<request_type>(?<http_status>[A-Z]+)%{GREEDYDATA})"

(Steven) #3

@Shaoranlaos,

Thank you!


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.