grok filter: How to match one pattern multiple times? #2006
Comments
|
Is this issue https://logstash.jira.com/browse/LOGSTASH-703 maybe related to my question? |
|
No, I think it is not related. Just tried it. Works for me if I use a variable twice as well as I use the target field twice. The problem is the loop I think. I am wondering because from my point of view this usecase is not unusual. |
|
For Logstash 1.5.0, we've moved all plugins to individual repositories, so I have moved this issue to logstash-plugins/logstash-filter-grok#27. Let's continue the discussion there! :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I want to match one pattern multiple times in a logevent. Tried different regex pattern but I don't get it working.
Example-event:
This is a statusCode="ERROR_121" text to demonstrate my logevent statusCode="WARNING_2408" structure
What I want to have is a statusCode field with "ERROR_121" as well as "WARNING_2408".
Notice that it is possible that the event does not contain any statusCode.
My problem is that grok filter finds either just one entry and breaks or if I combine one pattern with a * it does not find anything.
Example-pattern:
STATUSCODE [a-zA-Z0-9_-]+
STATUSCODEENTRY statusCode=.%{STATUSCODE:statusCode}.
STATUSCODES (%{STATUSCODEENTRY}.+)*
I hope somebody can help me.
Thanks.
The text was updated successfully, but these errors were encountered: