Hi Experts ,
I have data in key value format . But some data is as follows
act=ACCESS GRANTED rt=1439389790799
Now when I use KV filter in logstash it gives me an output like
act=ACCESS
rt=1439389790799
Here I noticed word Granted is missing . Please suggest how I can show the complete string using KV filter in logstash ?
What I was thinking to have a regex which will select everything between act= and rt. It did not work for me as I am getting the following error
undefined group option: /act=(?CT:lol((?s)(.*)rt))/m
This is what I used in LG config file
filter {
if [type] == "cust1" {
grok {
match=>["message",'act=%{CT:Action}'] }
}
}
here CT is my pattern((?s)(.*)rt) which I defined in the grok-pattern file.
Please guide me what I can do get this string .
Thanks
VG
