how to match first regex occurrence using grok filter

my logs are in the following format my.package.name classname: my_message

I would like to cut the class perfix .

for example:

com.example.Handler doPost: request received, jim:jay foo: bar

convert to:

request received, jim:jay foo: bar

I tied this

filter {
  grok {
    match => {"message" => "^(.*):%{GREEDYDATA:request}"}
  }
}

output { stdout { codec => rubydebug  }}

but this is what I get:

{
       "request" => " bar",
       "message" => "com.example.Handler doPost:  request  received, jim:jay foo: bar"
       ...
}

seems like grok matches by last regex occurrence.

how can I match by first : occurrence?

Solution

Use a reluctant .* by using .*?. A normal .* will match as much as it can while a reluctant .*? will match as little as it can.

Fun fact: The logstash grok DATA patterns are

DATA .*?
GREEDYDATA .*

So you can define your pattern as

^%{DATA}:%{GREEDYDATA:request}

barplot multiple aggregation
Start a PowerShell script in R via system2()
plot from sankeyNetwork in networkD3 does not show output (issue is not number of unique nodes)
"Target position can only be set for new windows" in chromote in R
Extract the correct data type in a PDF table
Time conversion in R
Comparing the values of a certain number previous rows with the current row
Run a single test function in R's testthat
rpart package installation in R
An efficient way to assign value based on a min-max range and category
Change output of the `purrr::map` function
osmdata_sf returns failed to perform HTTP request curl::curl_fetch_memory() error in R?
Comparing nls() to nls2() - what am I doing wrong
How to add "variables grid" below ggplot
How can I use predefined code snippets outside of code chunks in Quarto within RStudio/Posit?
Wrap text for collapse rows in KableExtra for a long table in R
Implementation of Breusch-Pagan test for random effects in plm with unbalanced panels
Finding a value of a dataset in different ones
Replicate matrix
Unexpected results after converting raster data from geographic to projected coordinate system using the terra package
How to remove rows by condition in R?
How do I add an alias for magrittr pipe from R in vscode
Package ‘neuralnet’ in R, rectified linear unit (ReLU) activation function?
Reticulate with pywin32, a dependency of xlwings, not found when sourcing python script from R
Sub-subtitle in a graph made with `ggplot2`
How can I execute a statement and ignore warnings with tryCatch?
Enumerate events where n consecutive values are not NA
Serialize/deserialize a column with R and DuckDB
How can I structure my sapflow data to analyze using "TREX" package in R?
Putting multiple plots on the same page in R?