Will my "%{GREEDYDATA:[log_message]}" overwrides all my other grok filters?

yulaika · January 4, 2021, 7:27am

grok {
match => {
"message" => [

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) \[%{NOTSPACE:[LOG][LEVEL]}\] %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) %{NOTSPACE:[LOG][LEVEL]} %{GREEDYDATA:[log_message]}"
        ,

          "\[(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME})\] %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{MONTHNUM}-%{MONTHDAY}-%{YEAR}%{SPACE}%{TIME}) %{GREEDYDATA:[log_message]}"
        ,

          "%{GREEDYDATA:[log_message]}"


      ]

    }

  }

Badger · January 4, 2021, 2:43pm

If break_on_match is true (the default) then grok will go through the patterns in order and stop when it finds one that matches.

system · February 1, 2021, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Doesn't work when trying to match on "source" and "message" in the same grok Logstash	2	540	January 16, 2020
[SOLVED] Grok and Greedydata regex Logstash	9	7891	February 13, 2017
Grok pattern matching in debugger but not on logstash Logstash	4	250	July 6, 2022
Problem with coding Grok filter Logstash	5	1013	July 5, 2017
Grok pattern problem Logstash	2	244	July 8, 2019

Will my "%{GREEDYDATA:[log_message]}" overwrides all my other grok filters?

Related Topics