Multiple grok pattern, really multiple?

lgllrd · March 31, 2022, 8:10am

Hello,

I'm trying to use the multiple grok pattern as in the documentation ( Grok filter plugin | Logstash Reference [8.1] | Elastic ) but I notice that it only handles the first two patterns.

Here is my filter :

{
    grok {
        match => {
            "message" => [
                "thing1=%{DATA:thing1},",
                "thing2=%{DATA:thing2},",
                "thing3=%{DATA:thing3},"
            ]
        }
    }
}

So I have two questions:

Are the patterns independent of each other?
What did I miss?

Thanks for your answers

Badger · March 31, 2022, 5:05pm

What does [message] look like? What do the results look like? Do you need to use break_on_match => false?

system · April 28, 2022, 5:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash 8.1 multiple patterns Logstash	2	160	December 22, 2023
GROK Multiple Match - Logstash Logstash	4	27096	July 6, 2017
Grok multiple matches issue Logstash	1	452	January 19, 2017
Grok The correct syntax to match against multiple patterns Logstash	1	23	August 31, 2024
Is logstash supports multiple grok pattern? Logstash elastic-stack-monitoring	3	107	April 29, 2024

Multiple grok pattern, really multiple?

Related Topics