0

Please see image. How the heck do you get a simple [a-zA-Z] expression to work in the KIBANA X-Pack Grok debugger? I've tried several flavors and have ran the regex just fine in normal regex testing environments where it finds all that I need but this debugger wants something that I cannot figure out. Again this is a CUSTOM regular expression not the pre-built ones.

screenshot

  • [a-z]
  • [A-Z]
  • [a-zA-Z]
  • ([a-zA-Z]+)

and more

edjm
  • 4,830
  • 7
  • 36
  • 65

1 Answers1

1

The first box is the data string, the second box is the pattern and the last box is where you define custom patterns. You have no pattern and the syntax for defining a custom pattern is wrong.

In the second box type

%{MY_REGEX:results}

In the third box type

MY_REGEX [a-z]

This creates a new pattern called MY_REGEX which can be used in the actual search pattern.

Example screenshot

That matches the first character of the data, which is unlikely to be what was intended, but that should get you started.

See also https://www.elastic.co/guide/en/kibana/current/grokdebugger-getting-started.html#grokdebugger-custom-patterns

JJJ
  • 32,902
  • 20
  • 89
  • 102
  • Thank you very much. I have been using the 5.5.0 Grok debugger and it appears to have a bug because it does not work in it. However this does work on the online Grok Debuggers which I'm assuming is a newer version. I'm updating mine to 5.5.2 to see if it works there. – edjm Dec 11 '17 at 20:44
  • Never mind it works fine. The site I was using must be doing some translation to convert what I have to JSON format. I have it working now in Kibana. e.g. {"my_regex" : "[a-z]"} – edjm Dec 11 '17 at 21:07