Hi How to write a grok expression for the below log
[2017-03-25T00:00:07,137][WARN ]
match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}/]/[%{LOGLEVEL:log-level}\s*\]" }
Is this correct , how to write space in grok ? Thanks
Asked
Active
Viewed 2.2k times
10
user6826691
- 1,813
- 9
- 37
- 74
1 Answers
23
%{SPACE} is that pattern that matches 0 or more spaces, which is very useful if you don't know (or care!) if there will be a space or not.
fylie
- 1,675
- 1
- 10
- 14
-
Thanks! very usefull. Sometimes you don't notice that you have more spaces between log fields.... – Gianluca D'Ardia Jan 20 '18 at 19:12
-
try `%{SPACE}*` as mentioned [here](https://stackoverflow.com/a/56641572/1726026) – DZet Apr 02 '20 at 23:28
-
I was searching for the same .. found this works: \s+ – MagicBeans Apr 22 '20 at 06:28
-
trim every space until next character. Thank you! – yuliansen Jun 05 '20 at 09:39