below is my log line:
TPS Memory value: 123532K, 20210525 205953, ProcessInfo, Memory OOS
I try to get column "ProcessInfo" as "rulename" in kibana grok debugger but failed with [parse_exception] patterns below:
(?<rulename>(?<=TPS Memory value: \d+K, \d{8} \d{6}, )\w+)
How can I fix it?
By default, grok does not keep empty captures (cf. option: keep_empty_captures defaults to false).
You can simply use :
TPS Memory value: \d+K, \d{8} \d{6}, (?<rulename>\w+)