Parsing two information with one filter

Sam67000 · July 18, 2017, 7:30am

Hello everyone,

I need your help to parse with grok filter two information in two different variable with one filter.
The log line is as follows :

From: DNS_dns[2060]/15885

the first information is : DNS_dns and the second is 15885. Is that possible ?

I try this : match => {"message" => "From: %{WORD:Variable1"}
But it just parse me the first information.

Thank you for the help !

pemontto · July 18, 2017, 8:21am

Try using https://grokdebug.herokuapp.com/ it's incredibly helpful.

This pattern should do what you want
From: %{WORD:Variable1}%{GREEDYDATA}/%{INT:Variable2}

Topic		Replies	Views
Capture multiple information for one match grok Logstash	3	1159	February 4, 2020
Parsing with Grok filter Logstash	2	426	May 22, 2017
Using grok filter to parse log file Logstash	4	461	May 2, 2021
Grok pattern test Logstash	3	579	July 10, 2018
How can i parse one field further into different fields in another grok pattern? Logstash	3	1842	July 6, 2017