Hi,
I try to use regex syntax with grok/match. I don't have any error and the match not working.
Anything wrong here ???
grok {
match => { "[event_data][param2]" => "(?<adfs_userid>(?<=\<UserId\>)(.*)(?=\<\/UserId\>))" }
}
I use another match in the same if to make sure my condition is ok.
Thank you in advance!!!
Hm. It definitely looks like it should match using the Grok Constructor, but is not matching in Logstash.
I think it may have to do with the lookahead- and lookbehind assertions; I can capture with the following though:
grok {
match => { "[event_data][param2]" => "<UserId>(?<adfs_userid>(.*))</UserId>" }
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.