Help with Grok Pattern extractor

Hi all,

I’m trying to extract database names from our log messages using Grok pattern extractor on that field. Our database names end with a “_v” and the path in the log looks something like this:
Here, “metadata_v” is the string that I’m trying to extract in order to use it as a key in my lookup table.

I’m just learning Grok and this is what I was able to come up with for achieving this:

but this returns table: “metadata” instead of “metadata_v”
Could anyone please tell me if there is a way to extract the whole string after the preceding “/” until “_v” so I can get the whole table name?
Your help would be really appreciated!


Hi Swarna,

you can create a new grok pattern for your tablename format, probably something like this:

TABLENAME with [a-z_]+_v

And change your extracting grok to:


Then it will capture also the _v

Hope that helps

1 Like

That worked. Thanks a lot for your help @jrunu !

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.