Will my "%{GREEDYDATA:[log_message]}" overwrides all my other grok filters?

yulaika · January 4, 2021, 7:27am

grok {
match => {
"message" => [

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) \[%{NOTSPACE:[LOG][LEVEL]}\] %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) %{NOTSPACE:[LOG][LEVEL]} %{GREEDYDATA:[log_message]}"
        ,

          "\[(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME})\] %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}) %{GREEDYDATA:[log_message]}"
        ,

          "(?<[log][timestamp]>%{MONTHNUM}-%{MONTHDAY}-%{YEAR}%{SPACE}%{TIME}) %{GREEDYDATA:[log_message]}"
        ,

          "%{GREEDYDATA:[log_message]}"


      ]

    }

  }

Badger · January 4, 2021, 2:43pm

If break_on_match is true (the default) then grok will go through the patterns in order and stop when it finds one that matches.

system · February 1, 2021, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Doesn't work when trying to match on "source" and "message" in the same grok Logstash	2	540	January 16, 2020
Logstash 7 GROK Filter plugin 'break_on_match' appears to be broken Logstash	14	4957	May 20, 2019
Greedydata does not work Logstash	11	2922	July 6, 2017
Logstash Grok break_on_filter not working Logstash	1	306	March 29, 2018
Grok pattern matching in debugger but not on logstash Logstash	4	250	July 6, 2022

Will my "%{GREEDYDATA:[log_message]}" overwrides all my other grok filters?

Related topics