Hi, I think that's not possible with Grok, but you could try to use the Tokenizer converter (create a Copy Input extractor, then select the Tokenizer converter) for this.
Cheers,
Jochen

On Wednesday, 31 August 2016 14:19:39 UTC+2, AForton wrote:
>
> Is it possible to extract dynamic field name with grok? For instance, I
> have the following message:
>
> Test message key=value key_1=value_1 key_2=value_2 ... etc
>
> The number n in key_n=value_n is not specified and may vary from message
> to message. I need to extract all fields but with key1 and key3:
>
> key=value
> key_2=value_2
> key_4=value_4
> key_5=value_5
> key_6=value_6
> //etc...
>
> How can I do this? Is it possible to do with GROK?
>
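
What key=value tokenizing does to the message from the question, as an added Python sketch that is not part of the thread and is not Graylog's Tokenizer converter code. The function name, the `exclude` and `max_fields` parameters, and the reading that `key_1` and `key_3` are the fields to drop are assumptions; because the sender of a log line controls the key names, the sketch only accepts keys from a safe alphabet and caps how many fields one message can create.

```python
import re

# key=value or key="quoted value". The key must start a token and use only
# [A-Za-z0-9_], so sender-chosen names cannot inject odd field names.
PAIR_RE = re.compile(
    r'(?<!\S)([A-Za-z_][A-Za-z0-9_]*)=("(?:[^"\\]|\\.)*"|\S*)'
)


def extract_pairs(message, exclude=(), max_fields=50):
    """Return {key: value} for each key=value token whose key is not excluded.

    Hypothetical helper for illustration; `max_fields` bounds how many
    distinct fields a single message may add to the index mapping.
    """
    skip = set(exclude)
    fields = {}
    for key, value in PAIR_RE.findall(message):
        if key in skip:
            continue
        # Strip surrounding quotes and unescape \" inside quoted values.
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        if key not in fields and len(fields) >= max_fields:
            break  # stop instead of creating an unbounded number of fields
        fields[key] = value
    return fields


# Constructed sample, modelled on the message in the question.
SAMPLE = ('Test message key=value key_1=value_1 key_2=value_2 '
          'key_3="a b" key_4=value_4')

if __name__ == "__main__":
    print(extract_pairs(SAMPLE, exclude={"key_1", "key_3"}))
```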
