Parsing issue with grok pattern

alias · 2018-07-04 14:17:54 UTC

HI,

I parse any logs. When I use the IP grok pattern, it create a IPV4 field.

In my grok pattern in the extractor input, I do %{IP:assetIp} but the extractor create two field : IPV4 and assetIP.

How to do for not display the base grok pattern field name ?

Thanks

jochen · 2018-07-04 14:22:21 UTC

Enable the “Named captures only” setting in the Grok extractor configuration.

alias · 2018-07-04 14:27:04 UTC

Oh thanks, I’ve not see this …

This topic can be closed

system · 2018-07-18 14:27:04 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.