elasticsearch-grok模式只匹配第一个结果，而不是将所有匹配项存储在一个数组中

lrl1mhuk 于 2021-06-13 发布在 ElasticSearch

关注(0)|答案(0)|浏览(275)

我需要将所有匹配项存储在一个数组中，但grok只匹配第一个结果，而忽略其余结果。我怎样才能做到这一点？
我在模拟摄取管道
管道：

{
    "pipeline": {
    "description": "My pretty pipeline",
    "processors": [
        {
            "grok": {
                "field": "message",
                "patterns": [
                    "(?m)(?<target>this) %{GREEDYDATA:notTarget}"
                ]
            }

        }
    ]
    },
    "docs": [
        {
            "_index": "my-index",
            "_id": "my-id",
            "_source": {
            "message": "this is test number 1 this is test number two this is test number three"
            }
        }
    ]
}

答复：

{
  "docs" : [
    {
      "doc" : {
        "_index" : "my-index",
        "_type" : "_doc",
        "_id" : "my-id",
        "_source" : {
          "message" : "this is test number 1 this is test number two this is test number three",
          "notTarget" : "is test number 1 this is test number two this is test number three",
          "target" : "this"
        },
        "_ingest" : {
          "timestamp" : "2020-12-24T20:03:04.730118584Z"
        }
      }
    }
  ]
}

elasticsearch logstash elk logstash-grok

来源：https://stackoverflow.com/questions/65443923/elastic-search-grok-pattern-only-matching-first-result-instead-of-storing-all

暂无答案！

目前还没有任何答案，快来回答吧！

我来回答

elasticsearch-grok模式只匹配第一个结果，而不是将所有匹配项存储在一个数组中

暂无答案！

相关问题

热门标签

最新问答