The grok filter with multi-values

Description

so,if my log is as this:
this is 1,this is 2,this is 3
this is 2,this is 7
this is 9
and my pattern is as this:
PATTEN_TEST this is \d+
but in the log ,I really don't konw how much "this is "will be,but I want to print all the "this is",what should I do?
in the .conf file,I just use like this:
filter {
grok {
patterns_dir => "./patterns"
type => "test"
pattern => "[(%{PATTERN_TEST:test1}){1,10}]"
keep_empty_captures => true
}
}
but the result is like this:
{
"@source" => "file://Briant.Bao//Graphite/logstashtest/logs/test.txt",
"@tags" => [],
"@fields" => {
"test1" => [
[0] "this is 6"
]
},
"@timestamp" => "2013-06-13T06:04:17.049Z",
"@source_host" => "Briant.Bao",
"@source_path" => "//Graphite/logstashtest/logs/test.txt",
"@message" => "[this is 3,this is 4,this is 6]",
"@type" => "test"
}
it only return the last match value,How can I get the all three values?

Activity

Show:
Jason Kendall
March 5, 2014, 5:40 PM

Can you test this in 1.3.3? There is a new field handler and it might create an array of matches (not sure).

Aaron Mildenstein
February 6, 2015, 9:53 PM

No response from original reporter in over 11 months. Closing as "Incomplete"

If a new issue with grok arises, please raise it at https://github.com/logstash-plugins/logstash-filter-grok/issues

Assignee

Logstash Developers

Reporter

Briant Bao

Labels

Affects versions

Configure