stackoom
  简体   繁体   中英

logstash, grok - how match optional field after multiline data?

 原文  2018-10-16 11:02:08       logstash/ logstash-grok

Question

I use logstash to parse messages from filebeat. Individual messages have the following syntax: 

key1: some data!....
-...data continues..special symbols ..:!?111--
whatever...1234!"..??..data..continues !!';;; blabla
key2: important data

key1 's value is a multiline mess which I want to ingore.
Also note, that key2 is optional, and it can happen to not to be in the log message!

I want to parse key2 value, if present, and tried it as so: 

key1: (?m)%{DATA}(\nkey2:%{DATA:value})?

, but it seems that the first DATA block just matches the whole message and the optional part is skipped.
I need the first DATA block to not to be greedy, and so not to skip key2 .

Thanks for any suggestions :)

1 answers

solution1
 0  2018-10-16 11:37:19

Is this by any chance stacktrace which is intented? Then you can filter for spaces. An example of your log might be of help.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Logstash: grok expression for multiline data Logstash - grok multiline Logstash grok multiline message Logstash grok match pattern for message field Logstash grok doesn't match for specific field How do I match a newline in grok/logstash? Parse multiline JSON with grok in logstash Getting optional field out of message in logstash grok filter Logstash: Reading multiline data from optional lines Logstash grok match 2 patterns
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM