Is it possible to Grok out part of a string and then the whole string?


I have the following request type:

"GET /rest/api/latest/search?jql=project+%3D+%22THP%22+AND+type+%3D+%22Defect%22+order+by+updated+desc&startAt=0&fields=summary,updated HTTP/1.1"

Is it possible to GROK out "GET" and place it in http_status and then GROK out "GET /rest/api/latest/search?jql=project+%3D+%22THP%22+AND+type+%3D+%22Defect%22+order+by+updated+desc&startAt=0&fields=summary,updated HTTP/1.1" and place that in a field called request_type?


you can simple nest named pattern groups like



Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.