I'm really hoping I'm doing something silly and just can't see the problem... this would be trivial in Perl or other languages. Apparently backreferences are supported in grok https://grokconstructor.appspot.com/RegularExpressionSyntax.txt, but I can't make them work. I need to match on something basic:
identifier - Static Text identifier Rest Of Line
So my grok expression would be something like:
%{DATA:id_name} - Static Text \1 %{GREEDYDATA:rest_of_line}
But using http://grokdebug.herokuapp.com/ always produces a compile error. If I use any of the \k notation, same thing. I've tried wrapping the first variable in parentheses, double backslashes, random permutations, can't make it work.
Any help would be much appreciated. Thanks!
I don't think that the %{DATA:id_name} produces a named capture that you can use with custom regex back references. Instead, you could wrap %{DATA} in a named capture and then back reference to it, like so:
(?<id_name>%{DATA}) - Static Text \k<id_name> %{GREEDYDATA:rest_of_line}