logstash-plugins / logstash-filter-grok

Grok plugin to parse unstructured (log) data into something structured.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
Apache License 2.0
122 stars 97 forks

Track number of failed matches when using multiple patterns per field #150

Open jsvd opened 4 years ago

jsvd commented 4 years ago

When matching one field with multiple patterns, like:

  grok {
    match => {
      "message" => [
        "%{NUMBER:data}",
        "%{WORD:data}",
        "%{DATE}"
      ]
    }
  }

It'd be useful to know how many times an event fails to match. This is especially useful if break_on_match is enabled (which it is by default). Knowing this can help the user reorder the expressions, if the specificity allows, to improve performance.
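
An added Ruby sketch of the idea in this issue (not code from logstash-filter-grok or from the issue author): it counts per-pattern failures while trying patterns in order with break_on_match, then reorders them by observed failure ratio. The anchored regexes, the sample messages and the function names are assumptions made for the example.

```ruby
# Added illustration, not logstash-filter-grok code. Anchored Ruby regexes are
# simplified stand-ins (assumption) for the three grok patterns in the issue.
PATTERNS = [
  ["%{NUMBER:data}", /\A-?\d+(?:\.\d+)?\z/],
  ["%{WORD:data}",   /\A\w+\z/],
  ["%{DATE}",        /\A\d{1,2}[\/-]\d{1,2}[\/-]\d{2,4}\z/],
].freeze

# Constructed sample input: mostly words, one number, one date, one junk line.
MESSAGES = ["error", "timeout", "42", "retry", "01/02/2020", "ok", "???"].freeze

# Try each pattern in order, as grok does for a multi-pattern field, and
# record per-pattern tries and failures plus the total number of attempts.
def match_with_stats(messages, patterns, break_on_match: true)
  stats = Hash.new { |h, k| h[k] = { tried: 0, failed: 0 } }
  attempts = 0
  unmatched = 0
  messages.each do |msg|
    matched = false
    patterns.each do |name, re|
      attempts += 1
      stats[name][:tried] += 1
      if re.match?(msg)
        matched = true
        break if break_on_match
      else
        stats[name][:failed] += 1
      end
    end
    unmatched += 1 unless matched
  end
  { stats: stats, attempts: attempts, unmatched: unmatched }
end

# Order patterns by observed failure ratio, lowest first. Only safe when the
# patterns overlap harmlessly: here "42" would match WORD before NUMBER.
def reorder_by_failure_ratio(patterns, stats)
  patterns.sort_by do |name, _|
    s = stats[name]
    s[:tried].zero? ? 1.0 : s[:failed].to_f / s[:tried]
  end
end

before = match_with_stats(MESSAGES, PATTERNS)
after  = match_with_stats(MESSAGES, reorder_by_failure_ratio(PATTERNS, before[:stats]))
puts "attempts before: #{before[:attempts]}, after: #{after[:attempts]}"
```

Because break_on_match stops at the first hit, later patterns are tried less often, so the sketch ranks by failures per try rather than by raw failure count.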