Simple problem with grok

parrot · March 10, 2017, 9:21am

Hi, this is my conf file:

input { stdin { } }

 filter {
  grok {
    patterns_dir => ["./patterns"]
    match => { "message" => "%{NOTSPACE:timestamp}%{SPACE}%{WORD:vendor}%{NOTSPACE}%{SPACE}%{TIMESTAMP_ISO8601:localEventTime}%{SPACE}%{NOTSPACE}%{SPACE}%{WORD}%{SPACE}%{NOTSPACE}%{SPACE}%{NOTSPACE}%{IPV4:userIP}%{NOTSPACE}%{SPACE}%{USER:username}\(%{WORD:group}\)" }
  }
}

output {
  stdout { codec => rubydebug }
}

I need right after the last tag to skip(or delete this char:"[" and right after that this char:"]", how can I do it?
as you can see I used "" to avoid the "(" and ")" but it doesn't works with the "[" , "]"

magnusbaeck · March 13, 2017, 8:39am

Please give an example of what you're trying to parse.

system · April 10, 2017, 8:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok filter - issues with spaces and special charecters Logstash	11	8995	June 12, 2017
Why _grokparsefailure? Logstash	5	1335	January 10, 2019
Grok pattern to account for # Logstash	2	123	October 6, 2023
Irregular spacing Logstash	4	923	July 6, 2017
Skip to end of filter if the grok pattern does not match Logstash	3	799	March 20, 2021

Simple problem with grok

Related topics