I am trying to add multiple custom grok patterns to the grok debugger in Kibana. I currently have this:
{"IIS_HOST" : "[a-zA-Z.-]+"}
But every time I add another grok pattern, I get a syntax error.
I am wondering if the debugger can only take one custom pattern at a time (which would be quite counterintuitive). I also more strongly believe that my syntax is just incorrect and needs sorting out.
If someone could give me some pointers as to how to correct my syntax, that'd be great! I have looked online but can't seem to find anything; the documentation only guides me on how to add one custom grok pattern, so it isn't much help.
Hi Lukas.
Currently all I am trying to do is to put more than one custom grok pattern in the debugger. But for the purpose of resolving this issue I will provide you with a screenshot of what I have so far.
So as you can see above I have used a custom grok pattern to match the 'Host' section of the log. Below is what I would like to achieve, however I believe my syntax is incorrect in the 'Custom Grok Patterns' section.
I typed out the below this morning and forgot to post it:
I resolved the issue. I messed about with my syntax a bit and this is what I've got working:
{"IIS_HOST" : "[a-zA-Z.-]+" , "IIS_TIMESTAMP" : "01"}
Each custom grok needs to be enclosed in the curly brackets and each pattern is to be comma-separated.
I would suggest this is added to the documentation, as trying to guess the syntax is extremely difficult.
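An added example, not part of the original thread: a Python check that a custom-pattern object in the form shown above (one object, comma-separated "NAME": "regex" pairs) parses, that every regex compiles, and that a grok expression using the patterns extracts the expected fields. The IIS_TIMESTAMP regex, the sample line and the function names are constructed for illustration, and Python's re module stands in for grok's own regex engine.

```python
import json
import re

# Constructed custom-pattern text in the JSON form shown in the thread:
# one object, one "NAME": "regex" pair per pattern, pairs comma separated.
# The IIS_TIMESTAMP regex is an assumed placeholder, not taken from the thread.
CUSTOM_PATTERNS = r'''
{"IIS_HOST" : "[a-zA-Z.-]+",
 "IIS_TIMESTAMP" : "\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}"}
'''

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def load_custom_patterns(text):
    """Parse the custom-pattern object and check that every regex compiles."""
    def no_duplicates(pairs):
        names = [name for name, _ in pairs]
        dupes = {n for n in names if names.count(n) > 1}
        if dupes:
            raise ValueError(f"pattern defined twice: {sorted(dupes)}")
        return dict(pairs)

    patterns = json.loads(text, object_pairs_hook=no_duplicates)
    for regex in patterns.values():
        re.compile(regex)  # raises re.error on an invalid pattern
    return patterns


def grok_to_regex(expression, patterns):
    """Expand %{NAME:field} references into named capture groups."""
    def expand(match):
        name, field = match.groups()
        if name not in patterns:
            raise KeyError(f"undefined grok pattern: {name}")
        body = grok_to_regex(patterns[name], patterns)  # patterns may nest
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return GROK_REF.sub(expand, expression)


def parse_line(line, expression, patterns):
    """Return the captured fields, or None when the line does not match."""
    match = re.match(grok_to_regex(expression, patterns), line)
    return match.groupdict() if match else None


# Constructed sample line (timestamp, then host), not from the thread.
SAMPLE = "2019-03-11 09:15:02 intranet.example.com"
PATTERNS = load_custom_patterns(CUSTOM_PATTERNS)
RESULT = parse_line(SAMPLE, "%{IIS_TIMESTAMP:timestamp} %{IIS_HOST:host}", PATTERNS)
```

Two objects written back to back, or the same pattern name defined twice, are rejected by `load_custom_patterns` with a `ValueError` before any log line is parsed.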