How or what syntax is the standard for using the escape character in a literal?
"\\" tells me it doesn't apply to the following case
here I have a message string
"client 1.1.1.1#44582 (abc.com): query (cache) 'abc.com/A/IN' denied\n"
but shouldn't one be able to later use "\\n" for the ending of the string? I'd like to not to include the string "\n" as part of <?bindmsg> -- and I have things working, though here when it doesn't pass grok fails.(it fails for "\\n")
"client %{HOSTNAME:dcip}#([0-9]+) \(%{HOSTNAME:qry}\): ([\S]+) ([\S]+) ('[\S]+)/(?<qrystring>[^/]+)/([A-Za-z]+') (?<bindmsg>[\S]+)\n"
"client %{HOSTNAME:dcip}#([0-9]+) \(%{HOSTNAME:qry}\): ([\S]+) ([\S]+) ('[\S]+)/(?<qrystring>[^/]+)/([A-Za-z]+') ((?<bindmsg>[\S]+)\\n)"
the fields get picked up nicely though I do now know why it is "\n" -- I'm used to using "\\" in other languages so this seems a bit counter intuitive
thanks