Hello Elastic community,
Sorry if this question has already been asked but I didn't find something that was close to what I'm looking for.
I'm new to logstash and I'm trying to use Grok filter.
I have a string of concatenated data as : data1data2data3data4
and I want to get each data into a new field :
{
"value1": "data1",
"value2": "data2",
"value3": "data3",
"value4": "data4",
}
And some data can be null.
For example, if I have the following string data1 data3 (with 5 whitespaces at the end of the string)
(I know the length of each data, here it's 5 for all for the example)
And if I use the grok filter as (?<value1>.{5})(?<value2>.{5})(?<value3>.{5})(?<value4>.{5}) the grok debugger says that the pattern does not match the input.
However if I try to get only 3 values it works fine.
Does that mean that logstash does not take in account whitespaces at the end of a string and stops at the last character ? Should I add a character at the end of my line in order to get all data that I want ?
Or is there a simple way to retrieve everything ?
Thank you for your time.