logstash-filter-grok

logstash-filter-grok copied to clipboard

grok overwrite not working for empty strings

2

migrates from https://github.com/elastic/logstash/issues/2590 ``` So when I have this input input="2015-02-11T17:49:29Z logspout dev_ziservice_1[1]: ASDF" grok { match => ["message", "%{TIMESTAMP_ISO8601:syslogTimestamp} %{SYSLOGHOST} %{DATA:container_name}(?:\[%{POSINT}\])?:%{SPACE}%{GREEDYDATA:message}"] overwrite => [ "message" ] } message is...

jsvd

Parse regex to a nested field

6

I'm trying to parse using grok filter with a regular expression. I can store the result in a flat field: ``` (?[r-]) ``` It gives: ``` "permission.user.read" => "r", ```...

dadoonet

grok applies tag_on_failure if last pattern doesn't match

3

If you have a grok filter with multiple matches and break_on_match set to false, the event will have tag_on_failure applied unless the last pattern matches. This is a change from...

webmstr

Implement Java Version of this Plugin's Logic and Benchmark against Current Version

2

It's in the title, also see https://github.com/logstash-plugins/logstash-filter-grok/pull/111#issuecomment-300284569 for the background.

original-brownbear

Ability to auto-sort match options by frequency of match

1

A typical multi-match might look like this: ``` grok { match => { "message" => [ "%{MY_PATTERN:foo}", "%{OTHER_PATTERN:bar" ] } } ``` Currently the array of matches is processed in...

robin13

remove the use of a class instance variable for holding pattern paths

1

There's no need to have a class variable (@@patterns_path). During register time just include the 2 paths in @patterns_dir.

jsvd

Hey, our Logstash pipeline config files are generated. There was a bug in our generation system which led to following grog pattern. The pattern was one of MANY patterns in...

kub1x

Unable to capture string from logstash input s3 prefix

1

I am working on ingesting cloudtrail data to elasticsearch using the logstash s3 input plugin and a grok filter to capture the name of the AWS account to be used...

niraj8241

Migrated from https://github.com/elastic/logstash/issues/7383 Created by @micoq --- Hello, I'm not sure if it's the right repository to post this issue since the grok library is included in Logstash. On any...

z0rc

i found Grok DSL is weird on match multiply patterns, so i post a discussion about it. https://discuss.elastic.co/t/grok-with-multiple-matches-can-i-assign-type-based-on- match/60397/5 grok dsl cann't tell you which pattern is matched & u...

lucianspec