Logstash Grok pattern with multiple matches
Question
I am attempting to write a grok expression that will result in multiple matches. I'm parsing a line that has 5 repetitions of the same pattern.
I've been able to make a simple pattern with a regex that will return multiple matches but it seems that Grok doesn't work that way. I don't really understand Ruby so I haven't really inspected the code.
Example input:
222444555
Pattern:
(?<number>\d{3})*
I would have expected output like this:
"number" : [
[
"222", "444", "555"
]
]
or something like that. Is this possible in Grok? I know I could just repeat the pattern three times, but on some lines there are an unknown number of repetitions.
Any pointers?
1 answers
solution1
0 ACCPTED 2017-01-03 18:53:22
I took a different approach. I used grok to extract the part of the line that was repeating. Then I used a ruby {} filter to chop the line up into parts using the scan function:
ruby {
code => "event.put('segment', event.get('segments').scan(/.{3}/))
}
That worked really well as it created an array in the segment property, then followed by split {} on that field I got the multiple events that I wanted.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.