Hi there!!!
I need to parse 2 fields from:
CLIENT_LOG: User( ip: 109.132.225.96; user_id: 90221; name: 'GGG'; days_in_game: 1; pvp_rating: 0; provider: GooglePlay; device_model: 'samsung SM-G900F';). event_name: 'Mission_Start_BlaBlaBla';
scene: "Mission_Start"
level: "BlaBlaBla"
Please help
Try this for your grok filter:
^.*event_name: \'(?<scene>.*)_(?<level>.*?)\';
^.*event_name: \'(?<scene>.*)_(?<level>.*?)\';
This is dangerous since the first .* is greedy and could match more than desired. Prefer this:
event_name: '(?<scene>[^_]+)_(?<level>[^']+)'
This assumes that the scene name never contains an underscore.
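The following is an added example, not code from either poster. It runs both suggested patterns in Ruby, whose regex engine accepts the same named-group syntax, against the line from the question and against a constructed variant with a hypothetical trailing `note` field, so the effect of the greedy `.*` and of the no-underscore assumption is visible. The `bounded` pattern is an extra assumption of this example: it treats the level as the last underscore-free segment inside the quotes.

```ruby
# Line from the question, plus a constructed variant with a hypothetical
# trailing field (note: 'retry_3';) appended after event_name.
SAMPLE = "CLIENT_LOG: User( ip: 109.132.225.96; user_id: 90221; name: 'GGG'; " \
         "days_in_game: 1; pvp_rating: 0; provider: GooglePlay; " \
         "device_model: 'samsung SM-G900F';). event_name: 'Mission_Start_BlaBlaBla';"
TRAILING = SAMPLE + " note: 'retry_3';"

PATTERNS = {
  # First suggestion: greedy .* both before and inside the quoted value.
  greedy:  /^.*event_name: \'(?<scene>.*)_(?<level>.*?)\';/,
  # Second suggestion: scene stops at the first underscore.
  negated: /event_name: '(?<scene>[^_]+)_(?<level>[^']+)'/,
  # Assumption of this example: neither capture may cross a quote, and the
  # level is the final underscore-free segment of the value.
  bounded: /event_name: '(?<scene>[^']+)_(?<level>[^_']+)'/
}.freeze

# Returns [scene, level] for the named pattern, or nil when nothing matches.
def extract(name, line)
  m = PATTERNS.fetch(name).match(line)
  m && [m[:scene], m[:level]]
end

if __FILE__ == $PROGRAM_NAME
  { "sample" => SAMPLE, "trailing" => TRAILING }.each do |label, line|
    PATTERNS.each_key do |name|
      puts format("%-8s %-8s %p", label, name, extract(name, line))
    end
  end
end
```

On the constructed line the greedy pattern pulls the trailing field into `scene`, while the negated pattern splits `Mission_Start` at its first underscore on both lines.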