LogStash Config File - Grok Regex

Karanbir_Mann · May 4, 2020, 6:22pm

Hello Community,

I'm very new to LogStash and I have a question. I am trying to use grok to get a substring from my message and put it in a new field. I've used grokdebugger in kibana and it seems to highlight the right text.
This is my grok pattern: (?<CR Number>(?<=CR num:)".{0,20}?")

What is the right way to put this grok pattern in config file? I am expecting it to create a new CR Number field. Right now I am doing this, but it does not work:

if [type] == "esign" 
  {
    grok {
    
      match => { "message" => "(?<CR Number>(?<=CR num:)".{0,20}?")" }
    }

Am I putting the grok regex pattern in config file the right way?
Thanks in advance!

Karanbir Mann

Badger · May 5, 2020, 3:36pm

I would expect logstash to log an error for that. If you have double quotes in your pattern then use single quotes around it

'(?<CR Number>(?<=CR num:)".{0,20}?")'

Karanbir_Mann · May 5, 2020, 5:20pm

Hi @Badger,

Amazing suggestion. I actually just solved my issue by escaping my double quotes using backslash and it solved the issue.

Thanks
Karanbir

system · June 2, 2020, 5:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash parsing problem Logstash	5	395	February 6, 2020
Special Characters in logs - how to escape them in logstash grok pattern Logstash	4	28931	July 6, 2017
Grok Pattern not working Logstash	6	582	February 8, 2022
Grok filter is not working (custom pattern) Logstash	6	1667	May 10, 2017
Add field in logstash config Logstash	6	2272	July 6, 2017

LogStash Config File - Grok Regex

Related topics