I’m trying to create grok pattern to match $upstream_response_time Nginx variable.
It can be float if single upstream is used
It can be 2 floats if 2 upstreams are used
Or it can be dash, if request was proceeded without upstream
So far I came to the following regexp:
This pattern works in online regexp verification tools.
But it seems Graylog engine behaves in different way, so I get
Error We were not able to run the grok extraction because of the following error: named capturing group is missing trailing '>' near index 2286
Please advise how to deal with it