Skip to content

/ graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grok extractor: Allow returning only named captures #1486

Closed
joschi opened this issue Oct 14, 2015 · 10 comments
Closed

Grok extractor: Allow returning only named captures #1486

joschi opened this issue Oct 14, 2015 · 10 comments
Assignees
@bernd
Labels
feature
Milestone
2.1.0

Comments

@joschi
Copy link
Contributor

@joschi joschi commented Oct 14, 2015

The Grok extractor currently returns all matches for a grok pattern, e. g. also alternatives for the chosen pattern.
Graylog 1.2.x Grok extractor

It should be possible to only return named captures with the Grok extractor, similar to the Logstash Grok filter and the Grok Debugger.
Grok Debugger
@bernd bernd added the feature label Oct 14, 2015
@runningman84
Copy link

@runningman84 runningman84 commented Nov 20, 2015

please include this feature in 1.3 this seems to be a quite small change...
@joschi
Copy link
Contributor Author

@joschi joschi commented Nov 20, 2015

@runningman84 This won't make it into Graylog 1.3.x.
@fractal76
Copy link

@fractal76 fractal76 commented Jan 5, 2016

This seems to be a pretty major shortcoming!? Any plans to include this in upcoming releases?
@manishjhawar
Copy link

@manishjhawar manishjhawar commented Feb 23, 2016

+1 Any plans for 2.0?
@nixcorn
Copy link

@nixcorn nixcorn commented Mar 2, 2016

👍 💯 please add this feature, i would really appreciate that!
@kroepke kroepke mentioned this issue May 2, 2016
Closed
@mightydok
Copy link

@mightydok mightydok commented Jun 29, 2016

+1 for this issue
@runningman84
Copy link

@runningman84 runningman84 commented Jun 30, 2016

@kroepke can you add this to 2.1?
@kroepke
Copy link
Member

@kroepke kroepke commented Jun 30, 2016

@runningman84 That greatly depends whether the grok library we use actually supports the "named captures only" feature. Otherwise we can't differentiate the matches.
We'll investigate.
@kroepke kroepke self-assigned this Jun 30, 2016
@kroepke kroepke added this to the 2.1.0 milestone Jun 30, 2016
@w4-sglim
Copy link

@w4-sglim w4-sglim commented Jul 19, 2016

+1
@bernd bernd assigned bernd and unassigned kroepke Jul 19, 2016
bernd added a commit that referenced this issue Jul 19, 2016
@bernd
Add option to only use named captures in Grok extractor
Loading status checks…
d2c7119 
Update to the latest version of our java-grok port which adds support
for this via upstream.

The option is disabled by default.

Fixes #1486
@bernd bernd mentioned this issue Jul 19, 2016
Merged
@bernd
Copy link
Member

@bernd bernd commented Jul 19, 2016

This will be in the upcoming Graylog 2.1. See #2500 for details.
@joschi joschi closed this in #2500 Jul 19, 2016
joschi added a commit that referenced this issue Jul 19, 2016
@bernd @joschi
Add option to only use named captures in Grok extractor (#2500)
Loading status checks…
13f42b3 
Update to the latest version of our java-grok port which adds support
for this via upstream.

The option is disabled by default.

Fixes #1486
@jalogisch jalogisch mentioned this issue Jul 27, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bernd bernd

Labels
feature
Projects
None yet
Milestone
2.1.0
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
9 participants
@bernd @joschi @kroepke @fractal76 @mightydok @manishjhawar @runningman84 @nixcorn @w4-sglim