logstash-filter-grok 4.4.1 → 4.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/index.asciidoc +30 -0
- data/logstash-filter-grok.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0d8ab6e291bb1b8412aa14aeba1e555b848ea04473c5e1b16672ef102751f828
|
|
4
|
+
data.tar.gz: db3d113bbb82463cc35036cb0680e91932dbd53dd456cb3a65f5eb79db544fbb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 05d8ebab39fd928e10bd84b6586574fe0583b7a93b8692824ba3bdf0e197969b5c6532eb7d69aa0e703afe0836d17ddd5677fd9dbd09bfcdd955a836f1268ffe
|
|
7
|
+
data.tar.gz: 65bd577d0cc170883fba3ee5ca88f047aec62a03affd4bc63cc23708a660f4f2e8dfa18bdd0bce6cbde613975d20c0c7415e8a97f6eea4dfdbd264ea032c7ed2
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 4.4.2
|
|
2
|
+
- Clarify the definition of matches that depend on previous captures [#169](https://github.com/logstash-plugins/logstash-filter-grok/pull/169)
|
|
3
|
+
|
|
1
4
|
## 4.4.1
|
|
2
5
|
- Added preview of ECS v8 support using existing ECS v1 implementation [#175](https://github.com/logstash-plugins/logstash-filter-grok/pull/175)
|
|
3
6
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -281,6 +281,36 @@ If you need to match multiple patterns against a single field, the value can be
|
|
|
281
281
|
}
|
|
282
282
|
}
|
|
283
283
|
}
|
|
284
|
+
|
|
285
|
+
To perform matches on multiple fields just use multiple entries in the `match` hash:
|
|
286
|
+
|
|
287
|
+
[source,ruby]
|
|
288
|
+
filter {
|
|
289
|
+
grok {
|
|
290
|
+
match => {
|
|
291
|
+
"speed" => "Speed: %{NUMBER:speed}"
|
|
292
|
+
"duration => "Duration: %{NUMBER:duration}"
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
However, if one pattern depends on a field created by a previous pattern, separate these into two separate grok filters:
|
|
298
|
+
|
|
299
|
+
|
|
300
|
+
[source,ruby]
|
|
301
|
+
filter {
|
|
302
|
+
grok {
|
|
303
|
+
match => {
|
|
304
|
+
"message" => "Hi, the rest of the message is: %{GREEDYDATA:rest}"
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
grok {
|
|
308
|
+
match => {
|
|
309
|
+
"rest => "a number %{NUMBER"number}, and a word %{WORD:word}"
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
|
|
284
314
|
|
|
285
315
|
[id="plugins-{type}s-{plugin}-named_captures_only"]
|
|
286
316
|
===== `named_captures_only`
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-grok'
|
|
3
|
-
s.version = '4.4.
|
|
3
|
+
s.version = '4.4.2'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "Parses unstructured event data into fields"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-grok
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.4.
|
|
4
|
+
version: 4.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-05-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|