Logstash basic grok field types description

Elastic Stack Logstash
1

Hi,

From this link, we can have a reference at the different types supported in Logstash grok pattern. I am listing down some basic types in it;

  1. USERNAME
  2. USER
  3. INT
  4. BASE10NUM
  5. NUMBER
  6. BASE16NUM
  7. BASE16FLOAT
  8. POSINT
  9. NONNEGINT
  10. WORD
  11. NOTSPACE
  12. SPACE
  13. DATA
  14. GREEDYDATA
  15. QUOTEDSTRING
  16. UUID

from the website, it is not so easy for a beginner person to choose the correct type to use with grok in Logstash. A small description about when and where to use it will be much helpful. It will be great if one can provide an example string/data too. its really confusing sometimes whether to pick WORD or SPACE, DATA or GREEDYDATA.. etc. Can somebody help me on this?

Thanks.

2 Likes
2

HI @elasticcloud

just try the debugger and play around -> link

there you can also see the patterns, its the best way to learn this.

Cheers

2 Likes
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.