Custom Grok pattern


(Alain) #1

Hi all,

I’m looking for making a dashboard with datas coming from PLCs.

Theese datas look like

[{"tag":"DO_SIMU[199].1","value":"False","time":"2018-09-05T14:35:09.1189226+02:00"}]
[{"tag":"DO_SIMU[199].2","value":"True","time":"2018-10-05T14:35:09.1189226+02:00"}]
[{"tag":"asefsfdfsd","value":"135","time":"2018-09-05T14:35:09.1189226+02:00"}]
[{"tag":"tit.1","value":"152.551","time":"2018-09-05T14:35:09.1189226+02:00"}]
[{"tag":"DO_SIMU[1].2551","value":"False","time":"6454-09-05T14:35:09.1189226+02:00"}]
[{"tag":"kfmdsfsmdlf.i1","value":"maman","time":"2018-09-05T14:35:09.1189226+15:251"}]

I have to create for each line a variable called with the value of tag (DO_SIMU[199].1 or kfmdsfsmdlf.i1 for example) and to put in this value the value of value

This last step seems to be easy with json

So I’m looking for create a grok pattern that just return me something like

{"DO_SIMU[199].1":"False"}

excluding all the rest.

If somebody have an idea, I thank him in advance.


Create a field which name is the value from another on
(Alain) #2

I progressed since.

With a 1st pattern ( ^[[^]]) I created an intermediate field who’s the same without the square brakets.
On this intermediate field, I applied (\A{%{QS}:%{QS:xxx_tag},%{QS}:%{QS:xxx_value},%{QS}:%{QS}}) with only the named tags.
So I now have two fields : xxx_tag and xxx_value


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.