/graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Grok extractor: Allow returning only named captures #1486

Closed
joschi opened this Issue Oct 14, 2015 · 10 comments

Comments

Assignees

@bernd bernd

Labels
Projects
None yet
Milestone
  2.1.0
9 participants
@joschi @runningman84 @fractal76 @manishjhawar @nixcorn @mightydok @kroepke @w4-sglim @bernd
@joschi
Contributor

joschi commented Oct 14, 2015

The Grok extractor currently returns all matches for a grok pattern, e. g. also alternatives for the chosen pattern.
Graylog 1.2.x Grok extractor

It should be possible to only return named captures with the Grok extractor, similar to the Logstash Grok filter and the Grok Debugger.
Grok Debugger

@bernd bernd added the feature label Oct 14, 2015

@runningman84

This comment has been minimized.

Sign in to view

runningman84 commented Nov 20, 2015

please include this feature in 1.3 this seems to be a quite small change...
@joschi

This comment has been minimized.

Sign in to view
Contributor

joschi commented Nov 20, 2015

@runningman84 This won't make it into Graylog 1.3.x.
@fractal76

This comment has been minimized.

Sign in to view

fractal76 commented Jan 5, 2016

This seems to be a pretty major shortcoming!? Any plans to include this in upcoming releases?
@manishjhawar

This comment has been minimized.

Sign in to view

manishjhawar commented Feb 23, 2016

+1 Any plans for 2.0?
@nixcorn

This comment has been minimized.

Sign in to view

nixcorn commented Mar 2, 2016

👍 💯 please add this feature, i would really appreciate that!

@kroepke kroepke referenced this issue May 2, 2016

Closed

Nested Grok patterns #2158

@mightydok

This comment has been minimized.

Sign in to view

mightydok commented Jun 29, 2016

+1 for this issue
@runningman84

This comment has been minimized.

Sign in to view

runningman84 commented Jun 30, 2016

@kroepke can you add this to 2.1?
@kroepke

This comment has been minimized.

Sign in to view
Member

kroepke commented Jun 30, 2016

@runningman84 That greatly depends whether the grok library we use actually supports the "named captures only" feature. Otherwise we can't differentiate the matches.
We'll investigate.

@kroepke kroepke self-assigned this Jun 30, 2016

@kroepke kroepke added this to the 2.1.0 milestone Jun 30, 2016

@w4-sglim

This comment has been minimized.

Sign in to view

w4-sglim commented Jul 19, 2016

+1

@bernd bernd assigned bernd and unassigned kroepke Jul 19, 2016

bernd added a commit that referenced this issue Jul 19, 2016

@bernd
Add option to only use named captures in Grok extractor 
Update to the latest version of our java-grok port which adds support
for this via upstream.

The option is disabled by default.

Fixes #1486
Loading status checks…
d2c7119

@bernd bernd referenced this issue Jul 19, 2016

Merged

Add option to only use named captures in Grok extractor #2500

@bernd

This comment has been minimized.

Sign in to view
Member

bernd commented Jul 19, 2016

This will be in the upcoming Graylog 2.1. See #2500 for details.

@joschi joschi closed this in #2500 Jul 19, 2016

joschi added a commit that referenced this issue Jul 19, 2016

@bernd @joschi
Add option to only use named captures in Grok extractor (#2500) 
Update to the latest version of our java-grok port which adds support
for this via upstream.

The option is disabled by default.

Fixes #1486
Loading status checks…
13f42b3

@jalogisch jalogisch referenced this issue Jul 27, 2016

Closed

Grok extractor: Allow returning only named captures #59

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment