Hi all,
I’m trying to extract database names from our log messages using Grok pattern extractor on that field. Our database names end with a “_v” and the path in the log looks something like this:
/sys/hadp/apollo/metadata_v/snapshot...
Here, “metadata_v” is the string that I’m trying to extract in order to use it as a key in my lookup table.
I’m just learning Grok and this is what I was able to come up with for achieving this:
%{GREEDYDATA:prefix}/%{GREEDYDATA:table}_v/%{GREEDYDATA:postfix}
but this returns table: “metadata” instead of “metadata_v”
Could anyone please tell me if there is a way to extract the whole string after the preceding “/” until “_v” so I can get the whole table name?
Your help would be really appreciated!
Thanks,
Swarna