elasticsearch-grok模式只匹配第一个结果,而不是将所有匹配项存储在一个数组中

lrl1mhuk  于 2021-06-13  发布在  ElasticSearch
关注(0)|答案(0)|浏览(307)

我需要将所有匹配项存储在一个数组中,但grok只匹配第一个结果,而忽略其余结果。我怎样才能做到这一点?
我在模拟摄取管道
管道:

  1. {
  2.     "pipeline": {
  3.     "description": "My pretty pipeline",
  4.     "processors": [
  5.         {
  6.             "grok": {
  7.                 "field": "message",
  8.                 "patterns": [
  9.                     "(?m)(?<target>this) %{GREEDYDATA:notTarget}"
  10.                 ]
  11.             }
  13.         }
  14.     ]
  15.     },
  16.     "docs": [
  17.         {
  18.             "_index": "my-index",
  19.             "_id": "my-id",
  20.             "_source": {
  21.             "message": "this is test number 1 this is test number two this is test number three"
  22.             }
  23.         }
  24.     ]
  25. }

答复:

  1. {
  2.   "docs" : [
  3.     {
  4.       "doc" : {
  5.         "_index" : "my-index",
  6.         "_type" : "_doc",
  7.         "_id" : "my-id",
  8.         "_source" : {
  9.           "message" : "this is test number 1 this is test number two this is test number three",
  10.           "notTarget" : "is test number 1 this is test number two this is test number three",
  11.           "target" : "this"
  12.         },
  13.         "_ingest" : {
  14.           "timestamp" : "2020-12-24T20:03:04.730118584Z"
  15.         }
  16.       }
  17.     }
  18.   ]
  19. }
elasticsearchlogstashelklogstash-grok

暂无答案!

目前还没有任何答案,快来回答吧!

我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com