Test Grok pattern API
editTest Grok pattern API
editTests a Grok pattern on lines of text, see also Grokking grok.
Request
editGET _text_structure/test_grok_pattern
POST _text_structure/test_grok_pattern
Description
editThe test Grok pattern API allows you to execute a Grok pattern on one or more lines of text. It returns whether the lines match the pattern together with the offsets and lengths of the matched substrings.
Query parameters
edit-
ecs_compatibility -
(Optional, string) The mode of compatibility with ECS compliant Grok patterns.
Use this parameter to specify whether to use ECS Grok patterns instead of
legacy ones when the structure finder creates a Grok pattern. Valid values
are
disabledandv1. The default value isdisabled.
Request body
edit-
grok_pattern - (Required, string) The Grok pattern to run on the lines of text.
-
text - (Required, array of strings) The lines of text to run the Grok pattern on.
Examples
editresp = client.text_structure.test_grok_pattern(
grok_pattern="Hello %{WORD:first_name} %{WORD:last_name}",
text=[
"Hello John Doe",
"this does not match"
],
)
print(resp)
response = client.text_structure.test_grok_pattern(
body: {
grok_pattern: 'Hello %{WORD:first_name} %{WORD:last_name}',
text: [
'Hello John Doe',
'this does not match'
]
}
)
puts response
const response = await client.textStructure.testGrokPattern({
grok_pattern: "Hello %{WORD:first_name} %{WORD:last_name}",
text: ["Hello John Doe", "this does not match"],
});
console.log(response);
GET _text_structure/test_grok_pattern
{
"grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
"text": [
"Hello John Doe",
"this does not match"
]
}
The API returns the following response:
{
"matches": [
{
"matched": true,
"fields": {
"first_name": [
{
"match": "John",
"offset": 6,
"length": 4
}
],
"last_name": [
{
"match": "Doe",
"offset": 11,
"length": 3
}
]
}
},
{
"matched": false
}
]
}