Hello everyone,
when i use GROK pattern on pipelines, i have the name of the pattern and the"{}".
My rules:
rule “grok quote extractor for message”
when
contains(to_string($message.message),“mp4split.fmp4”)
then
let result = grok(“%{QUOTEDSTRING:file}”,to_string($message.message));
set_field(“file”,result);
end
On my processed log :
Someone now how to remove it, to only keep the matched value of the GROK pattern ?
Regards