logstashlogstash-grok
How to take multiple values separated by spaces with grok
I have the following paragraph that arrives in an email and I want to take only those that are by CI
CI: CI14710 CI14727 CI14732 CI14741 OC14735 CI14744 Ends\n\n
I am trying to use the following regular expression
CI: (?<CI>[A-Za-z0-9_-]{1,})
but I only take the first
I tried with this other expression but the logstash fails me
CI: (?<CI>[A-Za-z0-9_-]{1,}.*)\\n\\n
it is not seen but they go dobele \ n
Solution
I tried the below pattern in Grok debugger and able to collect all the words starting with CI.
CI: (?<CI>[A-Za-z0-9_-]{1,}.*) %{GREEDYDATA:data}
Output screenshot:
You can drop the field data using the drop filter