Hi there
Here is my log line
[2020-02-11 09:55:39.595] [Value1] [Value2] [Value3] [Value4] [Value5] [Value6] [Value7] # !! Détail code retour: 150
my grok
grok {
match => { "message" => "[%{TIMESTAMP_ISO8601:logDate}] [%{DATA:Core}] [%{WORD:serveur}] [%{WORD:Categorie}] [%{WORD:Type}] [%{WORD:Entry}] [%{WORD:Importance}] [%{DATA:Classe}] # !! %{GREEDYDATA:Texte}\S" }
I got in elasticsearch all my values but the last one ignore the zero
Texte : Code retour : 15
Why i can not get the whole string
Thanks for any help
For the pattern to match the trailing \S has to match something. It is matching and consuming the trailing 0.
Thank's a lot
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.