Hey there,
I'm looking for an opportunity to parse this expression:
TEST_test_123-NONE-testTEST123-Test_123 into TEST_test_123, NONE, testTEST123, Test_123
I've tried to use custom patterns like : [a-zA-Z0-9_] , [/w+-] <- Dosen't work. Anytime a _grokparefailure
Thank you for supporting me.
What are you looking to parse it into?
Into: [quote="bastianhoss, post:1, topic:57421"]
TEST_test_123, NONE, testTEST123, Test_123
[/quote]
You could have a look at the csv filter and use this with '-' as a separator.
Csv filter?
I may have misunderstood. Do you want to parse out 4 fields or reformat the string?
4 different string fields
You can probably do it with grok, but it is just as easy with the csv filter plugin. If the string provided is your full message, something like this should work:
csv {
columns => ["field1","field2","field3","field4"]
separator => "-"
}TEST_test_123-NONE-testTEST123-Test_123 Is par of a syslog entry.
Is it possible to format the above mentioned stirng with grok and later ist the filter with csv
Is it possible to format the above mentioned stirng with grok and later ist the filter with csv
Yes, you can use grok to extract the string from the syslog message and then apply the csv filter to that string.
Hi,
using own pattern brings the solution:
NOT_HYPHEN [^-]+
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.