Grok ingest processor: add anchoring to pattern examples

hackery · hackery · commit feac58687179 · 2025-10-06T20:34:38.000+01:00
Signed-off-by: James Beckett &lt;308470+hackery@users.noreply.github.com&gt;
diff --git a/_ingest-pipelines/processors/grok.md b/_ingest-pipelines/processors/grok.md
@@ -71,7 +71,7 @@ PUT _ingest/pipeline/log_line
     {
       "grok": {
         "field": "message",
-        "patterns": ["%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"]
+        "patterns": ["^%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"]
       }
     }
   ]
@@ -160,7 +160,7 @@ PUT _ingest/pipeline/log_line
     {
       "grok": {
         "field": "message",
-        "patterns": ["The issue number %{NUMBER:issue_number} is %{STATUS:status}"],
+        "patterns": ["^The issue number %{NUMBER:issue_number} is %{STATUS:status}"],
         "pattern_definitions" : {
           "NUMBER" : "\\d{3,4}",
           "STATUS" : "open|closed"
@@ -184,7 +184,7 @@ PUT _ingest/pipeline/log_line
     {  
       "grok": {  
         "field": "message",  
-        "patterns": ["%{HTTPDATE:timestamp} %{IPORHOST:clientip}", "%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"],  
+        "patterns": ["^%{HTTPDATE:timestamp} %{IPORHOST:clientip}", "%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"],
         "trace_match": true  
       }  
     }  

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ PUT _ingest/pipeline/log_line`
`71`	`71`	`{`
`72`	`72`	`"grok": {`
`73`	`73`	`"field": "message",`
`74`		`- "patterns": ["%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"]`
	`74`	`+ "patterns": ["^%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"]`
`75`	`75`	`}`
`76`	`76`	`}`
`77`	`77`	`]`
`@@ -160,7 +160,7 @@ PUT _ingest/pipeline/log_line`
`160`	`160`	`{`
`161`	`161`	`"grok": {`
`162`	`162`	`"field": "message",`
`163`		`- "patterns": ["The issue number %{NUMBER:issue_number} is %{STATUS:status}"],`
	`163`	`+ "patterns": ["^The issue number %{NUMBER:issue_number} is %{STATUS:status}"],`
`164`	`164`	`"pattern_definitions" : {`
`165`	`165`	`"NUMBER" : "\\d{3,4}",`
`166`	`166`	`"STATUS" : "open\|closed"`
`@@ -184,7 +184,7 @@ PUT _ingest/pipeline/log_line`
`184`	`184`	`{`
`185`	`185`	`"grok": {`
`186`	`186`	`"field": "message",`
`187`		`- "patterns": ["%{HTTPDATE:timestamp} %{IPORHOST:clientip}", "%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"],`
	`187`	`+ "patterns": ["^%{HTTPDATE:timestamp} %{IPORHOST:clientip}", "%{IPORHOST:clientip} %{HTTPDATE:timestamp} %{NUMBER:response_status:int}"],`
`188`	`188`	`"trace_match": true`
`189`	`189`	`}`
`190`	`190`	`}`