github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

Fix broken link for grok patterns in documentation (#78878)

Browse source 
* Fix broken link for grok patterns in documentation

The current link for grok patterns does not exist anymore:

https://github.com/elastic/elasticsearch/blob/master/libs/grok/src/main/resources/patterns/grok-patterns

I have replaced it with:

https://github.com/elastic/elasticsearch/blob/master/libs/grok/src/main/resources/patterns/ecs-v1/grok-patterns

But I'm unsure if it is the right link as there is also a 'legacy' folder.

* Update link and add section for ECS migration

Co-authored-by: Adam Locke <adam.locke@elastic.co>
This commit is contained in:
Stéphane DERACO 2021-10-12 20:46:44 +02:00 committed by GitHub
parent 31e7cf98b1
commit dfc9df8c26
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
docs/reference/scripting/grok-syntax.asciidoc
View file

@ -11,7 +11,7 @@ fields.
[[grok-syntax]]
==== Grok patterns
The {stack} ships with numerous https://github.com/elastic/elasticsearch/blob/master/libs/grok/src/main/resources/patterns/grok-patterns[predefined grok patterns] that simplify working with grok. The syntax for reusing grok patterns
The {stack} ships with numerous https://github.com/elastic/elasticsearch/blob/master/libs/grok/src/main/resources/patterns/legacy/grok-patterns[predefined grok patterns] that simplify working with grok. The syntax for reusing grok patterns
takes one of the following forms:
[%autowidth]
@ -49,6 +49,22 @@ can match this text by using the following grok expression:
%{NUMBER:duration} %{IP:client}
----
[[grok-ecs]]
==== Migrating to Elastic Common Schema (ECS)
To ease migration to the {ecs-ref}[Elastic Common Schema (ECS)], a new set of
ECS-compliant patterns is available in addition to the existing patterns. The
new ECS pattern definitions capture event field names that are compliant with
the schema.
The ECS pattern set has all of the pattern definitions from the legacy set, and
is a drop-in replacement. Use the
{logstash-ref}/plugins-filters-grok.html#plugins-filters-grok-ecs_compatibility[`ecs-compatability`]
setting to switch modes.
New features and enhancements will be added to the ECS-compliant files. The
legacy patterns may still receive bug fixes which are backwards compatible.
[[grok-patterns]]
==== Use grok patterns in Painless scripts
You can incorporate predefined grok patterns into Painless scripts to extract