Multiple grok pattern, really multiple?

lgllrd · March 31, 2022, 8:10am

Hello,

I'm trying to use the multiple grok pattern as in the documentation ( Grok filter plugin | Logstash Reference [8.1] | Elastic ) but I notice that it only handles the first two patterns.

Here is my filter :

{
    grok {
        match => {
            "message" => [
                "thing1=%{DATA:thing1},",
                "thing2=%{DATA:thing2},",
                "thing3=%{DATA:thing3},"
            ]
        }
    }
}

So I have two questions:

Are the patterns independent of each other?
What did I miss?

Thanks for your answers

Badger · March 31, 2022, 5:05pm

What does [message] look like? What do the results look like? Do you need to use break_on_match => false?

system · April 28, 2022, 5:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash 8.1 multiple patterns Logstash	2	160	December 22, 2023
Grok performance Logstash	5	1307	January 18, 2018
Logstash 7.2 grok match filter plugin using multiple patterns Logstash	1	259	July 25, 2019
GROK Multiple Match - Logstash Logstash	4	27103	July 6, 2017
Multile pattren in single Grok Filter Logstash	5	285	August 28, 2018

Multiple grok pattern, really multiple?

Related topics