<br>
==== match ====
Grok assumes that each element is separated by a single space in the log files. In the match section, you have to write a regular expression using grok building blocks. Each building block has the format '''%{PATTERN_NAME}''', where PATTERN_NAME must be an existing predefined grok pattern. The most common type is '''%{DATA}''', which refers to an arbitrary data structure that contains no white-space. There are several compound patterns that are built up from other patterns. If you want the regular expression described by the pattern to be a result group, you must name the patterns, for example:
<pre>
%{DATA:this_is_the_name}
</pre>
The result of the regular expression will then be assigned to the variable '''this_is_the_name''', which can be referenced when defining the value of the metric or when producing the label.
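The expansion described above, as an added example that is not part of the original page or of any grok implementation: a small Python translator that turns '''%{NAME}''' and '''%{NAME:field}''' references into a regular expression with named groups. The pattern table, the sample log line and the function names are constructed for illustration.

```python
import re

# Constructed subset of a grok pattern library. DATA is the lazy ".*?"
# used by the standard grok pattern set; HOSTPORT is a compound pattern.
PATTERNS = {
    "DATA": r".*?",
    "INT": r"[+-]?\d+",
    "WORD": r"\b\w+\b",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "HOSTPORT": r"%{IPV4}:%{INT}",  # built up from two other patterns
}

# Matches %{NAME} and %{NAME:field}
_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(expr, _depth=0):
    """Expand grok references in expr into a plain regular expression."""
    if _depth > 10:
        raise ValueError("pattern nesting too deep (cyclic definition?)")

    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in PATTERNS:
            raise KeyError(f"unknown grok pattern: {name}")
        body = grok_to_regex(PATTERNS[name], _depth + 1)
        # A named reference becomes a result group, an unnamed one does not.
        return f"(?P<{field}>{body})" if field else f"(?:{body})"

    return _REF.sub(expand, expr)


def extract(match_expr, line):
    """Return the named fields captured from line, or None if no match."""
    m = re.search(grok_to_regex(match_expr), line)
    return m.groupdict() if m else None


# Constructed log line, elements separated by single spaces.
SAMPLE = "2024-05-01 sshd 203.0.113.7:51514 failed alice"
MATCH = ("%{DATA} %{WORD:service} %{HOSTPORT:peer} "
         "%{WORD:outcome} %{DATA:this_is_the_name}$")

if __name__ == "__main__":
    print(grok_to_regex(MATCH))
    print(extract(MATCH, SAMPLE))
```

Only the named references appear in the result; the leading unnamed '''%{DATA}''' is matched but discarded.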
<br>
==== labels ====
In the labels section, you can refer to the named patterns. This assigns the value of the field parsed from the given log line to the defined label. For example, using the '''%{DATA:this_is_the_name}''' pattern, you could write the following label: <br>