Logstash grok - How to match not(negate) the pattern in grok


(Arun Prasath) #1

I have bunch of log files which are named using its version numbers like below. To match the filename having compA and 2-0/3-0 version, I have like below

projectA-compA-test.log
projectA-compA-2-0-test.log
projectA-compA-3-0-test.log
projectA-compA-feature-test.log

Grok/Logstash configuration:

input { }

if [source] =~ "projectA-compA-2-0" {
...
} else if [source] =~ "projectA-3-0" {
...
} else if [source] =~ "projectA-compA-feature" {
...
} else if ! [source] =~ "projectA-compA-2-0" and ! [source] =~ "projectA-compA-3-0" and ! [source] =~ "projectA-compA-feature" {
...
}

Please suggest whether my negate condition is correct. Is there any other best way to achieve negate condition.

output { }


(Paris Mermigkas) #2

Regex negation is defined as such (you can see all appropriate operators here)

...
} else if [source] !~ "projectA-compA-2-0" and  [source] !~ "projectA-compA-3-0" and  [source] !~ "projectA-compA-feature" {
   ...
}

(Arun Prasath) #3

Thanks Paz. Its working now.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.