logstash-filter-grok 4.4.1 → 4.4.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/docs/index.asciidoc +30 -0
- data/logstash-filter-grok.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 45c96098138161dbffb283c5ea58e208a4198bd54214fd8df8b5364852f128ee
|
|
4
|
+
data.tar.gz: 8d0ed22a7cf62e79450dbd5dd9dd294ed9e93d525f43f09b3082049f1c00f2ea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc40361bccfe01770ef52e620dc6be33aba32dae7bd658a146848ca7f38bd261f37cfb8611b011ae0d65cdad113da3652959e2aa2ca34200fb5132f12f3a3782
|
|
7
|
+
data.tar.gz: 4dc7be4506984f3f64120851e0932d83935a044912fdbcede21f9729ad07ef25ba9c2c8877b0cac2ae390abd55125aeb554cc05541298e469ddad4a928a5f9fb
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## 4.4.3
|
|
2
|
+
- Minor typos in docs examples [#176](https://github.com/logstash-plugins/logstash-filter-grok/pull/176)
|
|
3
|
+
|
|
4
|
+
## 4.4.2
|
|
5
|
+
- Clarify the definition of matches that depend on previous captures [#169](https://github.com/logstash-plugins/logstash-filter-grok/pull/169)
|
|
6
|
+
|
|
1
7
|
## 4.4.1
|
|
2
8
|
- Added preview of ECS v8 support using existing ECS v1 implementation [#175](https://github.com/logstash-plugins/logstash-filter-grok/pull/175)
|
|
3
9
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -281,6 +281,36 @@ If you need to match multiple patterns against a single field, the value can be
|
|
|
281
281
|
}
|
|
282
282
|
}
|
|
283
283
|
}
|
|
284
|
+
|
|
285
|
+
To perform matches on multiple fields just use multiple entries in the `match` hash:
|
|
286
|
+
|
|
287
|
+
[source,ruby]
|
|
288
|
+
filter {
|
|
289
|
+
grok {
|
|
290
|
+
match => {
|
|
291
|
+
"speed" => "Speed: %{NUMBER:speed}"
|
|
292
|
+
"duration" => "Duration: %{NUMBER:duration}"
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
However, if one pattern depends on a field created by a previous pattern, separate these into two separate grok filters:
|
|
298
|
+
|
|
299
|
+
|
|
300
|
+
[source,ruby]
|
|
301
|
+
filter {
|
|
302
|
+
grok {
|
|
303
|
+
match => {
|
|
304
|
+
"message" => "Hi, the rest of the message is: %{GREEDYDATA:rest}"
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
grok {
|
|
308
|
+
match => {
|
|
309
|
+
"rest" => "a number %{NUMBER:number}, and a word %{WORD:word}"
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
|
|
284
314
|
|
|
285
315
|
[id="plugins-{type}s-{plugin}-named_captures_only"]
|
|
286
316
|
===== `named_captures_only`
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-grok'
|
|
3
|
-
s.version = '4.4.
|
|
3
|
+
s.version = '4.4.3'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "Parses unstructured event data into fields"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-grok
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.4.
|
|
4
|
+
version: 4.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-10-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|