Square brackets in ingest node grok pattern

wenyao · December 5, 2016, 4:16am

I am trying to convert my logstash configs into ingest node pipelines.

In my previous logstash config, the grok pattern contains square brackets which looks like this:

\[%{DATA:loglevel}\] %{TIMESTAMP_ISO8601:datetime} \[%{DATA:handler}\] - %{GREEDYDATA:errorMsg}

However, i cant add the blackslash before [ and ] in my .json pipeline definitions and it does not seem to work when i remove the blackslashes or when i add a double backslash in front.

How can i capture the data within square brackets for ingest nodes grok filters?

spinscale · December 5, 2016, 10:06am

Hey,

how about this?

POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "describe pipeline",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [
            "\\[%{DATA:loglevel}\\] %{GREEDYDATA:errorMsg}"
          ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "[INFO] what ever else comes here"
      }
    }
  ]
}

--Alex

wenyao · December 5, 2016, 10:16am

It does not work. I did mention in my previous post that i already tried it out with double backslashes

system · January 2, 2017, 10:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to escape square bracket in Logstash Grok filter? Logstash	7	12706	April 10, 2018
Issue with escaping pipe "\|" in Ingest Pipeline Elasticsearch ingest-pipeline	8	660	November 5, 2021
PATTERN ERROR WHEN ADDING IN INGEST PIPELINE GROK PROCESSOR Kibana	1	359	February 15, 2022
Ingest Node Pipeline doesn't allow for "\[" pattern Elasticsearch	3	1257	November 16, 2020
How to remove brackets on grok patterns? Logstash ingest-pipeline	2	959	September 9, 2022

Square brackets in ingest node grok pattern

Related Topics