Hello, I have this snippet of a log-file
2017-01-01 07:53:44 [connectionpool.py] DEBUG: "POST /api/v1/crawledproducts/merchant/ariika/new_crawl_iteration/ HTTP/1.1" 200 None
2017-01-01 07:53:44 [monitor_utils.py] INFO: Crawled iteration for merchant ariika started
2017-01-01 07:53:44 [utils.py] INFO: UpdateCrawlIteration._start_crawl_iteration function took 0.127 s
2017-01-01 07:53:44 [telnet.py] DEBUG: Telnet console listening on 127.0.0.1:33357
2017-01-01 07:53:44 [middlewares.py] INFO: [kipp] Using user agent (Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17)
I wrote a grok filter to extract the merchant name (ariika) from the second line, I tested it on grok debugger it was working, but it didn't extract in logstash
grok{
match => [ "message", "(?<merchant_name>(?<=Crawled iteration for merchant ).*(?= started))" ]
}
Can you suggest a better pattern?