Azure - Grok pattern (regex) to filter data from nested brackets

Naveen
May 20, 2022
209 views
0 votes
2 Answers

I’ve tried to apply grok pattern to filter nested brackets in the logs which is as below,

[2022-05-20T02:21:54.715] [INFO] [{"id":"876g4jd8v36w0dhna2","data":"fetching public base-plans ..."}]

My grok pattern looks like this. But here, I’m unable to parse nested brackets (brackets inside brackets). Any help is much appreciated, since I’m trying this for long.

[%{TIMESTAMP_ISO8601:time}] [%{WORD:logLevel}] [%{DATA:id}]

Answers

Chosen as BEST ANSWER
- Naveen
- May 20, 2022 at 3:18 pm
- 0 votes
0
Below is working fine and will filter as expected (regex)
```
filter {
  grok {
    match => { "message" => "[%{TIMESTAMP_ISO8601:time}] [%{WORD:logLevel}] [{"id":%{DATA:id},"data":%{DATA:response}]"}
  }
}
```

(Edit)

- sudhagarramesh
- May 20, 2022 at 2:38 pm
- 0 votes
0
This will be working fine.
```
[%{TIMESTAMP_ISO8601:time}] [%{WORD:logLevel}] [{"%{GREEDYDATA:id}"}]
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Azure – Grok pattern (regex) to filter data from nested brackets

Answers