Multiple Match Array

kopacko · August 20, 2020, 7:59pm

I am trying to parse a message that will have multiple items that I am trying to capture into an array.

For example :
message: test message @word blah blah @word test ...

In this case, the number of captures can and will be different per message field.

I cannot seem to figure how to capture these specific words that start with an @ symbol.

Badger · August 20, 2020, 8:18pm

I would do that in ruby

ruby { code => 'event.set("matches", event.get("message").scan(/@\w+/))' }

kopacko · August 23, 2020, 11:40pm

Thanks.

But I will pass on Ruby.

Badger · August 24, 2020, 12:26am

Can you expand on your objection to using a ruby filter in logstash?

kopacko · August 24, 2020, 10:59pm

Is that a plugin that has to be installed? I am trying to stay with the native plugins.

Badger · August 24, 2020, 11:31pm

It is installed by default.

kopacko · August 25, 2020, 1:29am

Ah ok. I might it whirl then. Thank you sir.

system · September 22, 2020, 1:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Text based log format, need help in parsing Logstash	3	371	June 19, 2019
Split a string to array/list, greedy match Logstash	3	495	December 30, 2020
Logstash - Parse formatted message with Ruby Code Logstash	5	1297	January 18, 2020
Same pattern multiple times in a single logmessage Logstash	3	315	July 6, 2017
Multiple matches with a single regex Logstash	1	389	January 19, 2017