grokdebug icon indicating copy to clipboard operation
grokdebug copied to clipboard

Published 20 hours ago verified publisher icon nickethier

Support nested fields as used in Logstash

Open albgus opened this issue 2 years ago • 0 comments

Using grok variable names with [brackets] in them does not seem to work. This can make it harder to debug Logstash grok patterns as the brackets are used to define nested fields, e.g. [ingress][port].

Example

With sample:

[namespace/service-name:8080]

This works:

\[%{DATA:ingress_namespace}/%{DATA:ingress_service}:%{DATA:ingress_port}\]

This doesn't:

\[%{DATA:[ingress][namespace]}/%{DATA:[ingress][service]}:%{DATA:[ingress][port]}\]```

albgus avatar Dec 20 '22 13:12 albgus