We have logs like below.
2018-02-24 18:24:21 GET /test/customer/api/abc/getCustomer
2018-02-24 18:24:21 GET /test/customer/10000
2018-02-24 18:24:21 GET /test/customer/10000/updateCustomer
We are trying to parse apiname as last word and excluding numerical values by reg exp like below. Because we don't want customer id 10000 should come as apiname.
%{GREEDYDATA}/(?[^//][a-zA-Z^]*$+)
If we are testing this expression then it is working fine. But once we configure this in beats.conf it failed to parse log line 2. We tried to remove failed parse result by below. But we only see parsed result for only line 1. Not line 3.
if "_grokparsefailure" in [tags] {
drop { }
}
Could you please help here.