Wrong output

David_Mohamad · March 6, 2021, 2:24pm

Hi everyone,
I recently started using the elastic stack for the first time and I cant seem to find a way to get the desired output.
I'm trying to use this data:
admintool[899] browser=Mozilla%2F5.0 %28Windows NT 10.0;user=dmohamad
With this grok pattern:
%{WORD:ag.config.service}[%{INT:ag.config.id}]
The output is:
{
"ag": {
"config": {
"service": "2F5"
}
}
}
The way I would like it to be is:
{
"ag": {
"config": {
"service": "admintool"
"id": "899"
"user": "dmohamad"
}
}
}

Thanks In advance.

nugusbayevkk · March 6, 2021, 3:21pm

hi @David_Mohamad ,
try use this :

%{WORD:ag.config.service}\[%{INT:ag.config.id}\] browser=%{DATA:ag.config.browser};user=%{WORD:ag.config.user}

David_Mohamad · March 8, 2021, 5:02pm

Thanks a lot. It works now.

system · April 5, 2021, 7:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.