logstash-filter-grok 4.4.1 → 4.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/docs/index.asciidoc +30 -0
- data/logstash-filter-grok.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 45c96098138161dbffb283c5ea58e208a4198bd54214fd8df8b5364852f128ee
|
|
4
|
+
data.tar.gz: 8d0ed22a7cf62e79450dbd5dd9dd294ed9e93d525f43f09b3082049f1c00f2ea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc40361bccfe01770ef52e620dc6be33aba32dae7bd658a146848ca7f38bd261f37cfb8611b011ae0d65cdad113da3652959e2aa2ca34200fb5132f12f3a3782
|
|
7
|
+
data.tar.gz: 4dc7be4506984f3f64120851e0932d83935a044912fdbcede21f9729ad07ef25ba9c2c8877b0cac2ae390abd55125aeb554cc05541298e469ddad4a928a5f9fb
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## 4.4.3
|
|
2
|
+
- Minor typos in docs examples [#176](https://github.com/logstash-plugins/logstash-filter-grok/pull/176)
|
|
3
|
+
|
|
4
|
+
## 4.4.2
|
|
5
|
+
- Clarify the definition of matches that depend on previous captures [#169](https://github.com/logstash-plugins/logstash-filter-grok/pull/169)
|
|
6
|
+
|
|
1
7
|
## 4.4.1
|
|
2
8
|
- Added preview of ECS v8 support using existing ECS v1 implementation [#175](https://github.com/logstash-plugins/logstash-filter-grok/pull/175)
|
|
3
9
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -281,6 +281,36 @@ If you need to match multiple patterns against a single field, the value can be
|
|
|
281
281
|
}
|
|
282
282
|
}
|
|
283
283
|
}
|
|
284
|
+
|
|
285
|
+
To perform matches on multiple fields just use multiple entries in the `match` hash:
|
|
286
|
+
|
|
287
|
+
[source,ruby]
|
|
288
|
+
filter {
|
|
289
|
+
grok {
|
|
290
|
+
match => {
|
|
291
|
+
"speed" => "Speed: %{NUMBER:speed}"
|
|
292
|
+
"duration" => "Duration: %{NUMBER:duration}"
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
However, if one pattern depends on a field created by a previous pattern, separate these into two separate grok filters:
|
|
298
|
+
|
|
299
|
+
|
|
300
|
+
[source,ruby]
|
|
301
|
+
filter {
|
|
302
|
+
grok {
|
|
303
|
+
match => {
|
|
304
|
+
"message" => "Hi, the rest of the message is: %{GREEDYDATA:rest}"
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
grok {
|
|
308
|
+
match => {
|
|
309
|
+
"rest" => "a number %{NUMBER:number}, and a word %{WORD:word}"
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
|
|
284
314
|
|
|
285
315
|
[id="plugins-{type}s-{plugin}-named_captures_only"]
|
|
286
316
|
===== `named_captures_only`
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-grok'
|
|
3
|
-
s.version = '4.4.
|
|
3
|
+
s.version = '4.4.3'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "Parses unstructured event data into fields"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-grok
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.4.
|
|
4
|
+
version: 4.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-10-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|