I am using the grok pattern to extract some data from file path, but it does not seem to work right
path: /home/shard/logstash/test/12/23/abc_132.log
pattern: %{GREEDYDATA}/%{INT:group}/%{INT:id}/%{DATA:job_type}(_%{UUID:uuid})*\.log
I want to extract 132 as the uuid field and it works ok when tested in grok debugger [http://grokdebug.herokuapp.com/] but when applied in logstash indexer, it fetches all of abc_132 under job_type field.
What may be the issue here and how can I extract uuid (perhaps a different regex?).
You can try to get the uuid from the job_type by using the ruby filter
Hope this can help you.