Why does regex which works in tester not work in grok debugger?

Asked Sep 24 '19 at 13:32

Active Sep 24 '19 at 13:32

Viewed 19 times

I just started to use Logstash recently. I got a log message example:

\u0000Sp?\u0002\u0001A\u0000Sr?)\u0004£\u000Ex-opt-jms-destQ\u0001£\u0012x-opt-jms-msg-typeQ\u0005\u0000Ss?\u0000\u0000\u0000W\u0000\u0000\u0000\n¡0ID:06ecf56f-d295-4458-a981-d5badbb5b1a7:1:1:1-95@¡\u000Ftopic://MyTopic@@@@@@\u0083\u0000\u0000\u0001m^£\u0019\u0087\u0000Sw¡9This is a test message sent out at 2019-09-23 17:00:10 PM

I want to extract the message This is a test message sent out at 2019-09-23 17:00:10 PM. I tried the regex This.* and test it in the online regex tester.

While when I use the same regex (?<user_agent>[This.*]) in the grok debugger, it can only extract one character s.

{
  "user_agent": [
    [
      "s"
    ]
  ]
}

Anybody knows how to solve this?

asked Sep 24 '19 at 13:32

Coding_Rabbit

Why did you change the pattern inside the named capturing group? Use it as you had it: `(?This.*)` – Wiktor Stribiżew Sep 24 '19 at 13:36
Thanks for your answer! Solved. Should I close the question? – Coding_Rabbit Sep 24 '19 at 13:39

Why does regex which works in tester not work in grok debugger?

0 Answers0