Hi there
Here is my log line
[2020-02-11 09:55:39.595] [Value1] [Value2] [Value3] [Value4] [Value5] [Value6] [Value7] # !! Détail code retour: 150
my grok
grok {
match => { "message" => "[%{TIMESTAMP_ISO8601:logDate}] [%{DATA:Core}] [%{WORD:serveur}] [%{WORD:Categorie}] [%{WORD:Type}] [%{WORD:Entry}] [%{WORD:Importance}] [%{DATA:Classe}] # !! %{GREEDYDATA:Texte}\S" }
I got in elasticsearch all my values but the last one ignore the zero
Texte : Code retour : 15
Why i can not get the whole string
Thanks for any help
For the pattern to match the trailing \S has to match something. It is matching and consuming the trailing 0.
Thank's a lot