Is it possible to parse an event field for multiple values and have all matches be stored in multiple new fields dynamically?
For example, if [message] contains multiple hits on a regex searching for URLs, could they all get stored in new fields called URLs.N respectively?
I understand that using the grok filter you can store the first value in a newly created field.
But I wish to store all matches. Secondarily, I wish to store the different capture groups into fields as well.
So in the examples below I would like Match 1.1 and Match 2.1 to be stored in a dynamic variable:
URL.1 => https://windscribe.com/../gif
URL.2 => https://eur03...C01
Then I would like to store the other capture groups in a field of their own as well such as:
URL.1.protocol => https
URL.1.domain => windscribe.com
URL.1.path => /img...gif
URL.2.protocol => https
URL.2.domain => eur03...com
URL.2.path => /?url=https...yw
I am using http://rubular.com/ to test my regex, and it works great!
Thanks!
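One way to collect every match together with its capture groups, as an added example that is not part of the original post: plain Ruby of the kind a Logstash `ruby` filter could run. The names `URL_RE`, `MAX_URLS` and `extract_urls`, the simplified URL pattern and the sample message are assumptions made here.

```ruby
# Added example (not from the original post): collect every URL in a message.
# URL_RE, MAX_URLS and extract_urls are hypothetical names chosen here.

# Named groups become the sub-fields; the pattern is deliberately simple.
URL_RE = %r{(?<protocol>https?)://(?<domain>[^\s/?#]+)(?<path>\S*)}

# Cap the matches kept per event so a hostile or noisy message cannot
# create an unbounded number of fields in the index mapping.
MAX_URLS = 10

def extract_urls(message, max = MAX_URLS)
  urls = {}
  message.to_s.scan(URL_RE) do
    break if urls.size >= max
    m = Regexp.last_match
    # A key cannot hold both a string and sub-fields, so the whole match
    # goes under "full" next to the capture groups.
    urls[(urls.size + 1).to_s] = {
      "full"     => m[0],
      "protocol" => m[:protocol],
      "domain"   => m[:domain],
      "path"     => m[:path]
    }
  end
  urls
end

# Constructed sample message.
SAMPLE = "Visit https://example.com/img/logo.gif and " \
         "http://test.example.org/?url=https%3A%2F%2Fa.example%2Fx now"

if __FILE__ == $PROGRAM_NAME
  extract_urls(SAMPLE).each do |n, u|
    puts "URL.#{n} => #{u['full']} (#{u['protocol']}, #{u['domain']}, #{u['path']})"
  end
end
```

Inside a `ruby` filter the result would be written back with `event.set("URL", extract_urls(event.get("message")))`, giving fields such as `[URL][1][domain]`.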