Logstash Grok pattern with double quotes Logstash Grok pattern with double quotes elasticsearch elasticsearch

Logstash Grok pattern with double quotes


regex elasticsearch logstash logstash-grok

If you escape " with backslash then it works fine.

%{NUMBER:ts} [......] (-|"%{USERNAME:token1}") (-|%{DATA:token2}) (-|"%{WORD:token3}") (-|"%{DATA:token4}")

Your new string will look like

%{NUMBER:ts} [......] (-|\"%{USERNAME:token1}\") (-|%{DATA:token2}) (-|\"%{WORD:token3}") (-|\"%{DATA:token4}\")

regex elasticsearch logstash logstash-grok

Changing the outer double quotes to single quotes instead did the trick for me:

grok {  match => { "message" => 'SOME "TEXT QUOTED"' }}

Hope it helps.

regex elasticsearch logstash logstash-grok

Try gsub after you have extracted the fields with quotes

filter {  mutate {    gsub => [      "fieldname", "\"", ""    ]  }}

https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-gsub

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last