This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Find text structure API Transform APIs »
Elastic Docs Elasticsearch Guide [8.16] REST APIs Text structure APIs

Test Grok pattern API

edit

Test Grok pattern API

edit

Tests a Grok pattern on lines of text, see also Grokking grok.

Request

edit

GET _text_structure/test_grok_pattern

POST _text_structure/test_grok_pattern

Description

edit

The test Grok pattern API allows you to execute a Grok pattern on one or more lines of text. It returns whether the lines match the pattern together with the offsets and lengths of the matched substrings.

Query parameters

edit
ecs_compatibility
(Optional, string) The mode of compatibility with ECS compliant Grok patterns. Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. Valid values are disabled and v1. The default value is disabled.

Request body

edit
grok_pattern
(Required, string) The Grok pattern to run on the lines of text.
text
(Required, array of strings) The lines of text to run the Grok pattern on.

Examples

edit
resp = client.text_structure.test_grok_pattern(
    grok_pattern="Hello %{WORD:first_name} %{WORD:last_name}",
    text=[
        "Hello John Doe",
        "this does not match"
    ],
)
print(resp)
response = client.text_structure.test_grok_pattern(
  body: {
    grok_pattern: 'Hello %{WORD:first_name} %{WORD:last_name}',
    text: [
      'Hello John Doe',
      'this does not match'
    ]
  }
)
puts response
const response = await client.textStructure.testGrokPattern({
  grok_pattern: "Hello %{WORD:first_name} %{WORD:last_name}",
  text: ["Hello John Doe", "this does not match"],
});
console.log(response);
GET _text_structure/test_grok_pattern
{
  "grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
  "text": [
    "Hello John Doe",
    "this does not match"
  ]
}

The API returns the following response:

{
  "matches": [
    {
      "matched": true,
      "fields": {
        "first_name": [
          {
            "match": "John",
            "offset": 6,
            "length": 4
          }
        ],
        "last_name": [
          {
            "match": "Doe",
            "offset": 11,
            "length": 3
          }
        ]
      }
    },
    {
      "matched": false
    }
  ]
}
« Find text structure API Transform APIs »