Test a Grok pattern
Added in 8.13.0
Test a Grok pattern on one or more lines of text. The API indicates whether the lines match the pattern together with the offsets and lengths of the matched substrings.
Query parameters
-
ecs_compatibility
string The mode of compatibility with ECS compliant Grok patterns. Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. Valid values are
disabledandv1.
Body
Required
-
grok_pattern
string Required -
text
array[string] Required The lines of text to run the Grok pattern on.
GET
/_text_structure/test_grok_pattern
curl \
--request GET 'http://api.example.com/_text_structure/test_grok_pattern' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '"{\n \"grok_pattern\": \"Hello %{WORD:first_name} %{WORD:last_name}\",\n \"text\": [\n \"Hello John Doe\",\n \"this does not match\"\n ]\n}"'
Request example
Run `GET _text_structure/test_grok_pattern` to test a Grok pattern.
{
"grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
"text": [
"Hello John Doe",
"this does not match"
]
}
Response examples (200)
A successful response from `GET _text_structure/test_grok_pattern`.
{
"matches": [
{
"matched": true,
"fields": {
"first_name": [
{
"match": "John",
"offset": 6,
"length": 4
}
],
"last_name": [
{
"match": "Doe",
"offset": 11,
"length": 3
}
]
}
},
{
"matched": false
}
]
}