Logstash is not taking in account whitespaces at the end of lines ? (grok filter)

Hello Elastic community,

Sorry if this question has already been asked but I didn't find something that was close to what I'm looking for.
I'm new to logstash and I'm trying to use Grok filter.
I have a string of concatenated data as : data1data2data3data4
and I want to get each data into a new field :

{
  "value1": "data1",
   "value2": "data2",
   "value3": "data3",
   "value4": "data4",
}

And some data can be null.
For example, if I have the following string data1 data3 (with 5 whitespaces at the end of the string)
(I know the length of each data, here it's 5 for all for the example)

And if I use the grok filter as (?<value1>.{5})(?<value2>.{5})(?<value3>.{5})(?<value4>.{5}) the grok debugger says that the pattern does not match the input.
However if I try to get only 3 values it works fine.

Does that mean that logstash does not take in account whitespaces at the end of a string and stops at the last character ? Should I add a character at the end of my line in order to get all data that I want ?
Or is there a simple way to retrieve everything ?

Thank you for your time.

If you use

output { stdout { codec => rubydebug } }

then what does the [message] field loook like?

Hello Badger

It actually works on my logstash instance.
To be clear, I was testing with the grok debugger in Kibana.
Sorry for the inconvinience, I should have tested directly on my logstash instance.
Still thank you for your time.
This topic can be close

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.