Will my "%{GREEDYDATA:[log_message]}" overwrides all my other grok filters?

yulaika · January 4, 2021, 7:27am

grok {
match => {
"message" => [

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) \[%{NOTSPACE:[LOG][LEVEL]}\] %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) %{NOTSPACE:[LOG][LEVEL]} %{GREEDYDATA:[log_message]}"
        ,

          "\[(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME})\] %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{MONTHNUM}-%{MONTHDAY}-%{YEAR}%{SPACE}%{TIME}) %{GREEDYDATA:[log_message]}"
        ,

          "%{GREEDYDATA:[log_message]}"


      ]

    }

  }

Badger · January 4, 2021, 2:43pm

If break_on_match is true (the default) then grok will go through the patterns in order and stop when it finds one that matches.

system · February 1, 2021, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.