Test Grok pattern APIedit
Tests a Grok pattern on lines of text, see also Grokking grok.
Requestedit
GET _text_structure/test_grok_pattern
POST _text_structure/test_grok_pattern
Descriptionedit
The test Grok pattern API allows you to execute a Grok pattern on one or more lines of text. It returns whether the lines match the pattern together with the offsets and lengths of the matched substrings.
Query parametersedit
-
ecs_compatibility -
(Optional, string) The mode of compatibility with ECS compliant Grok patterns.
Use this parameter to specify whether to use ECS Grok patterns instead of
legacy ones when the structure finder creates a Grok pattern. Valid values
are
disabledandv1. The default value isdisabled.
Request bodyedit
-
grok_pattern - (Required, string) The Grok pattern to run on the lines of text.
-
text - (Required, array of strings) The lines of text to run the Grok pattern on.
Examplesedit
GET _text_structure/test_grok_pattern
{
"grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
"text": [
"Hello John Doe",
"this does not match"
]
}
The API returns the following response:
{
"matches": [
{
"matched": true,
"fields": {
"first_name": [
{
"match": "John",
"offset": 6,
"length": 4
}
],
"last_name": [
{
"match": "Doe",
"offset": 11,
"length": 3
}
]
}
},
{
"matched": false
}
]
}