Hello everyone,
I need your help to parse with grok filter two information in two different variable with one filter.
The log line is as follows :
From: DNS_dns[2060]/15885
the first information is : DNS_dns and the second is 15885. Is that possible ?
I try this : match => {"message" => "From: %{WORD:Variable1"}
But it just parse me the first information.
Thank you for the help !
Try using https://grokdebug.herokuapp.com/ it's incredibly helpful.
This pattern should do what you want
From: %{WORD:Variable1}%{GREEDYDATA}/%{INT:Variable2}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.