Optional text + field RegEx with filters in Logstash

rodri.gz · December 16, 2021, 12:39pm

Hello!

how can i set a text I use as locator as optioanal with regular expresions or grok ??

For example :

2021-12-15 13:50:34,589 INFO  Parámetros enviados a XXXXXX:
	accion : YYYYYYYYYYY
	mesNacimiento : YYYYYYYYYYYYYYYYY
	ape2 : YYYYYYYYYYYYYYYYY
	accionProsa : YYYYYYYYYYYYYYYYY
	tipoServicio : YYYYYYYYYYYYYYYYY
	log : yyyyyyyyy.YYYYYYYYYYYYYYYYY
	ape1 : YYYYYYYYYYYYYYYYY
	anioNacimiento : YYYYYYYYYYYYYYYYY
	nombre : YYYYYYYYYYYYYYYYY
	diaNacimiento : YYYYYYYYYYYYYYYYY

I have tried with this grok pattern:

(?m)%{TIMESTAMP_ISO8601:Fecha} %{LOGLEVEL:LogLevel}%{DATA}(?:accion : (%{USERNAME:Accion})?)%{DATA}(?:accionProsa : (%{USERNAME:AccionProsa})?)%{DATA}(?:tipoServicio : (%{USERNAME:TipoServ})?)

but it dissapears when i set the fields as optionals and i delete one of those fields.

Badger · December 16, 2021, 4:17pm

I would suggest using an array of patterns, like this.

yaauie · December 16, 2021, 5:17pm

Another approach would be to capture the entire key/value sequence to a temporary field, then to use the KV filter plugin to parse the arbitrary set of key/value to their own fields.

system · January 13, 2022, 5:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is posible to set a text as optional in RegularExpresions? Logstash	3	332	January 6, 2022
Is posible to have iptional field with regex as grok optionals fields? Logstash	6	422	January 6, 2022
Optional fields Logstash	3	1124	January 15, 2019
Logstash: Optional fields in grok Logstash	3	341	January 4, 2023
Correct Grok Pattern for an optional field including spaces Logstash	6	5009	August 1, 2019

Optional text + field RegEx with filters in Logstash

Related topics