You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Composing grok patterns that share named captures will result in names to bind to the wrong capture in the context of the composition.
Reproduction steps:
Setup the following patterns file (/etc/logstash/patterns/general/test-patterns)
SSH_KEYFILE_ERROR (?<tags>error): (?<failure>Could not load host key): %{PATH:keyfile}
SSH_PASSWORD_FAIL (?<failure>Failed password) for %{USER:username} from %{IPORHOST:clientip} port %{INT:port} %{WORD:protocal}
AUTH_SSH (%{SSH_KEYFILE_ERROR}|%{SSH_PASSWORD_FAIL})
Run the patterns file using the following logstash config
For Logstash 1.5.0, we've moved all plugins to individual repositories, so I have moved this issue to logstash-plugins/logstash-filter-grok#29. Let's continue the discussion there! :)
Description:
Composing grok patterns that share named captures will result in names to bind to the wrong capture in the context of the composition.
Reproduction steps:
Setup the following patterns file (
/etc/logstash/patterns/general/test-patterns
)Run the patterns file using the following logstash config
Will print the following to standard out:
Expected output:
failure
which captures the text 'Failed password'username
should contain the text 'magicaluser'The text was updated successfully, but these errors were encountered: