Problems to parse "/" character

Hi all,

I'm using logstash to parse a FIX string message into a index data tag by tag. Check the following configuration:

if "fix" in [tags]
		match => { "message" => "%{GREEDYDATA:direction} %{GREEDYDATA:timestamp} %{GREEDYDATA:fix_string}" }
		source => "fix_string"
		field_split => "\x01"

The filter is working properly, except when we have a text with a "/" inside the message.
For the example below, logstash is considering the content util "/" as the direction attribute, but it belows o the fix_string attribute.

IN 20180130-11:45:29.924351900 8=FIX.4.49=51935=834=15852=20180130-11:41:59.0631=9999316=014=032=037=NONE38=539=840=244=8490054=258=Short position [1.00] exceeds limit [0.00] for Equivalent Instrument / [ID(50885),SIDE(2),RATIO(1.00)]59=060=20180130-11:41:59103=10020150=8151=5453=4448=6074660447=D452=36447=D452=54448=85447=D452=7447=D452=3310=077

Does anybody have and idea to solve this issue?

Don't use more than one DATA or GREEDYDATA pattern in the same expression. It's very inefficient and can lead to unexpected matches, possibly including this one. Use a more exact expression like for example %{NOTSPACE} %{NOTSPACE} %{GREEDYDATA}.

Fit like a glove!
Thank you very much for your assistance.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.