Simple problem with grok

Elastic Stack Logstash
1

Hi, this is my conf file:

input { stdin { } }

 filter {
  grok {
    patterns_dir => ["./patterns"]
    match => { "message" => "%{NOTSPACE:timestamp}%{SPACE}%{WORD:vendor}%{NOTSPACE}%{SPACE}%{TIMESTAMP_ISO8601:localEventTime}%{SPACE}%{NOTSPACE}%{SPACE}%{WORD}%{SPACE}%{NOTSPACE}%{SPACE}%{NOTSPACE}%{IPV4:userIP}%{NOTSPACE}%{SPACE}%{USER:username}\(%{WORD:group}\)" }
  }
}

output {
  stdout { codec => rubydebug }
}

I need right after the last tag to skip(or delete this char:"[" and right after that this char:"]", how can I do it?
as you can see I used "" to avoid the "(" and ")" but it doesn't works with the "[" , "]"

2

Please give an example of what you're trying to parse.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.