Docs: Fix & test more grok processor documentation (#49447)
The documentation contained a small error, as bytes and duration were not properly converted to a number and thus remained a string. The documentation is now also properly tested by providing a full-blown simulate pipeline example.
parent
0592b3c726
commit
6e751f5536
|
@ -68,53 +68,59 @@ include::common-options.asciidoc[]
|
||||||
Here is an example of using the provided patterns to extract out and name structured fields from a string field in
|
Here is an example of using the provided patterns to extract out and name structured fields from a string field in
|
||||||
a document.
|
a document.
|
||||||
|
|
||||||
[source,js]
|
[source,console]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
POST _ingest/pipeline/_simulate
|
||||||
{
|
{
|
||||||
"message": "55.3.244.1 GET /index.html 15824 0.043"
|
"pipeline": {
|
||||||
}
|
"description" : "...",
|
||||||
--------------------------------------------------
|
"processors": [
|
||||||
// NOTCONSOLE
|
{
|
||||||
|
"grok": {
|
||||||
The pattern for this could be:
|
"field": "message",
|
||||||
|
"patterns": ["%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes:int} %{NUMBER:duration:double}"]
|
||||||
[source,txt]
|
}
|
||||||
--------------------------------------------------
|
}
|
||||||
%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}
|
]
|
||||||
--------------------------------------------------
|
},
|
||||||
|
"docs":[
|
||||||
Here is an example pipeline for processing the above document by using Grok:
|
|
||||||
|
|
||||||
[source,js]
|
|
||||||
--------------------------------------------------
|
|
||||||
{
|
|
||||||
"description" : "...",
|
|
||||||
"processors": [
|
|
||||||
{
|
{
|
||||||
"grok": {
|
"_source": {
|
||||||
"field": "message",
|
"message": "55.3.244.1 GET /index.html 15824 0.043"
|
||||||
"patterns": ["%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}"]
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
|
||||||
|
|
||||||
This pipeline will insert these named captures as new fields within the document, like so:
|
This pipeline will insert these named captures as new fields within the document, like so:
|
||||||
|
|
||||||
[source,js]
|
[source,console-result]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
{
|
{
|
||||||
"message": "55.3.244.1 GET /index.html 15824 0.043",
|
"docs": [
|
||||||
"client": "55.3.244.1",
|
{
|
||||||
"method": "GET",
|
"doc": {
|
||||||
"request": "/index.html",
|
"_index": "_index",
|
||||||
"bytes": 15824,
|
"_type": "_doc",
|
||||||
"duration": "0.043"
|
"_id": "_id",
|
||||||
|
"_source" : {
|
||||||
|
"duration" : 0.043,
|
||||||
|
"request" : "/index.html",
|
||||||
|
"method" : "GET",
|
||||||
|
"bytes" : 15824,
|
||||||
|
"client" : "55.3.244.1",
|
||||||
|
"message" : "55.3.244.1 GET /index.html 15824 0.043"
|
||||||
|
},
|
||||||
|
"_ingest": {
|
||||||
|
"timestamp": "2016-11-08T19:43:03.850+0000"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// TESTRESPONSE[s/2016-11-08T19:43:03.850\+0000/$body.docs.0.doc._ingest.timestamp/]
|
||||||
|
|
||||||
[[custom-patterns]]
|
[[custom-patterns]]
|
||||||
==== Custom Patterns
|
==== Custom Patterns
|
||||||
|
|
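Review bot: The `:int` and `:double` suffixes in the new `"patterns"` line (`%{NUMBER:bytes:int} %{NUMBER:duration:double}`) are never explained in the prose, because the hunk removes the standalone `[source,txt]` pattern block and the "The pattern for this could be:" sentence without putting anything in their place. A reader now sees only the intro sentence followed by a full `_simulate` request, and has to infer that the third segment of a capture is a type conversion. Suggest adding one sentence before the `[source,console]` block that names the suffix and states that without it the captured value stays a string, which is exactly what the removed result showed with `"duration": "0.043"`. A smaller point on the same request: `"description" : "..."` is still a placeholder inside a snippet that is now executed as a test, so a short real description would read better in the rendered docs.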