Test Grok pattern APIedit
Tests a Grok pattern on lines of text, see also Grokking grok.
Requestedit
GET _text_structure/test_grok_pattern
POST _text_structure/test_grok_pattern
Descriptionedit
The test Grok pattern API allows you to execute a Grok pattern on one or more lines of text. It returns whether the lines match the pattern together with the offsets and lengths of the matched substrings.
Query parametersedit
-
ecs_compatibility
-
(Optional, string) The mode of compatibility with ECS compliant Grok patterns.
Use this parameter to specify whether to use ECS Grok patterns instead of
legacy ones when the structure finder creates a Grok pattern. Valid values
are
disabled
andv1
. The default value isdisabled
.
Request bodyedit
-
grok_pattern
- (Required, string) The Grok pattern to run on the lines of text.
-
text
- (Required, array of strings) The lines of text to run the Grok pattern on.
Examplesedit
GET _text_structure/test_grok_pattern { "grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}", "text": [ "Hello John Doe", "this does not match" ] }
The API returns the following response:
{ "matches": [ { "matched": true, "fields": { "first_name": [ { "match": "John", "offset": 6, "length": 4 } ], "last_name": [ { "match": "Doe", "offset": 11, "length": 3 } ] } }, { "matched": false } ] }