Comments (22)
thommiller
commented on July 20, 2024
4
Also came here to say this would be a great feature. Either recursive definitions or ideally something like the regex [aZ]{1,3} which will match anything between 1 and 3 alphabetic characters. If we could do this with grok tags like
%{NOTSPACE:variable}{1,3}
from logstash-filter-grok.
Littlericket
commented on July 20, 2024
1
Same. Would also perfectly fit for grokking mod_security logs and their tags.
from logstash-filter-grok.
tom-christie
commented on July 20, 2024
I have the same question. Why was this closed?
from logstash-filter-grok.
ph
commented on July 20, 2024
@tom-christie the issue is not closed, it was moved from the main logstash repository to the plugin specific repository.
from logstash-filter-grok.
DustinChaloupka
commented on July 20, 2024
👍 Have also noticed this. A workaround could be to use the split filter and find some sort of delimiter (in this case statusCode= could maybe be used) and send it through the grok filter as separate events...
from logstash-filter-grok.
jordansissel
commented on July 20, 2024
from logstash-filter-grok.
naisanza
commented on July 20, 2024
+1 this is more or less what I was looking for with #50 as well!
from logstash-filter-grok.
Solisol
commented on July 20, 2024
+1
from logstash-filter-grok.
gilles-m
commented on July 20, 2024
+1
from logstash-filter-grok.
commented on July 20, 2024
+1
from logstash-filter-grok.
thenom
commented on July 20, 2024
+1
from logstash-filter-grok.
maniankara
commented on July 20, 2024
+1
from logstash-filter-grok.
okazymyrov
commented on July 20, 2024
+1
from logstash-filter-grok.
Name-less
commented on July 20, 2024
+1
from logstash-filter-grok.
sergunSpb
commented on July 20, 2024
Hi devs,
really needs this feature.
from logstash-filter-grok.
thadumi
commented on July 20, 2024
Hi, I'm also looking for this feature.
Did someone find a solution?
from logstash-filter-grok.
torbajanos
commented on July 20, 2024
I'm also looking for this feature.
from logstash-filter-grok.
epacke
commented on July 20, 2024
Me too! And thanks for making logstash, it's great!
from logstash-filter-grok.
Erni
commented on July 20, 2024
It would definitely be a great feature, asked by many users already.
from logstash-filter-grok.
galiacheng
commented on July 20, 2024
I'm also looking for this feature.
from logstash-filter-grok.
ifleg
commented on July 20, 2024
+1
from logstash-filter-grok.
ifleg
commented on July 20, 2024
For those who are interested, I succeeded using the scan function in ruby !
I can extract the tags from modsecurity alerts using the following filter in logstash :
ruby {
code => "event.set('modsec.tags', event.get('message').scan(/(?<=\[tag \")[^\]]*(?=\"\])/))"
}
This identify ALL the tags in message and put them in the modsec.tags field.
from logstash-filter-grok.
Related Issues (20)
- Allow grok pattern to be passed in as a parameter HOT 3
- Memory leak on 5.x
- Ability to auto-sort match options by frequency of match HOT 1
- getting values as an array HOT 1
- remove_field not working HOT 2
- "Prefix" functionality for grok HOT 4
- Track number of failed matches when using multiple pattern per field
- Warn when patterns don't have anchors HOT 1
- Significant Performance Regression using Jruby Timeouts HOT 8
- Implement ECS-Compatibility Mode HOT 4
- Logstash pipeline to remove passwords from log data HOT 1
- Using event fileds in configuration options HOT 1
- pure ruby regexp <capture:int> coercion does not work
- captures with same name won't coerce properly
- Logstash for iis SMTP
- Incoherent behavior of field references with overwrite
- [Test Failure] Syslog grok tests are failing on Logstash 8.x
- Behaviour when pattern writes to same input field (without "overwrite" option) HOT 1
- Add property to limit backtracking
- Regression on grok is case of match failure HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from logstash-filter-grok.