Support nested fields as used in Logstash

Question

Support nested fields as used in Logstash

Opened this issue 2 years ago · 0 comments

Using grok variable names with [brackets] in them does not seem to work. This can make it harder to debug Logstash grok patterns as the brackets are used to define nested fields, e.g. [ingress][port].

Example

With sample:

[namespace/service-name:8080]

This works:

\[%{DATA:ingress_namespace}/%{DATA:ingress_service}:%{DATA:ingress_port}\]

This doesn't:

\[%{DATA:[ingress][namespace]}/%{DATA:[ingress][service]}:%{DATA:[ingress][port]}\]```