mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-25 07:37:19 -04:00
5dec83f69e
* Add extract match ranges functionality to Grok. * TestGrokPatternAction and Request * TestGrokPattern response * Update docs/changelog/104394.yaml * Polish validation error message * Improve test_grok_pattern API * Add explicit CharSet * Add endpoint to operator constants * Add TransportTestGrokPatternActionTests * REST API spec * One more TransportTestGrokPatternActionTest * Fix API spec * Refactor REST API spec * Polish code * Replace TransportTestGrokPatternActionTests by a YAML REST test * Add ecs_compatibility * Always return arrays in the API * Documentation * YAML test for ecs_compatibility * Rename doc fileø * serverless scope * Fix docs (hopefully) * Update docs/reference/rest-api/index.asciidoc Co-authored-by: István Zoltán Szabó <istvan.szabo@elastic.co> * Add "text structure APIs" header in docs TOC * Move file * Remove test grok from main index * typo * Nested APIs underneath text structure --------- Co-authored-by: István Zoltán Szabó <istvan.szabo@elastic.co>
95 lines
2 KiB
Text
95 lines
2 KiB
Text
[role="xpack"]
|
|
[[test-grok-pattern]]
|
|
= Test Grok pattern API
|
|
|
|
++++
|
|
<titleabbrev>Test Grok pattern</titleabbrev>
|
|
++++
|
|
|
|
Tests a Grok pattern on lines of text, see also <<grok,Grokking grok>>.
|
|
|
|
[discrete]
|
|
[[test-grok-pattern-request]]
|
|
== {api-request-title}
|
|
|
|
`GET _text_structure/test_grok_pattern` +
|
|
|
|
`POST _text_structure/test_grok_pattern` +
|
|
|
|
[discrete]
|
|
[[test-grok-pattern-desc]]
|
|
== {api-description-title}
|
|
|
|
The test Grok pattern API allows you to execute a Grok pattern on one
|
|
or more lines of text. It returns whether the lines match the pattern
|
|
together with the offsets and lengths of the matched substrings.
|
|
|
|
[discrete]
|
|
[[test-grok-pattern-query-parms]]
|
|
== {api-query-parms-title}
|
|
|
|
`ecs_compatibility`::
|
|
(Optional, string) The mode of compatibility with ECS compliant Grok patterns.
|
|
Use this parameter to specify whether to use ECS Grok patterns instead of
|
|
legacy ones when the structure finder creates a Grok pattern. Valid values
|
|
are `disabled` and `v1`. The default value is `disabled`.
|
|
|
|
[discrete]
|
|
[[test-grok-pattern-request-body]]
|
|
== {api-request-body-title}
|
|
|
|
`grok_pattern`::
|
|
(Required, string)
|
|
The Grok pattern to run on the lines of text.
|
|
|
|
`text`::
|
|
(Required, array of strings)
|
|
The lines of text to run the Grok pattern on.
|
|
|
|
[discrete]
|
|
[[test-grok-pattern-example]]
|
|
== {api-examples-title}
|
|
|
|
[source,console]
|
|
--------------------------------------------------
|
|
GET _text_structure/test_grok_pattern
|
|
{
|
|
"grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
|
|
"text": [
|
|
"Hello John Doe",
|
|
"this does not match"
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
|
|
The API returns the following response:
|
|
|
|
[source,console-result]
|
|
----
|
|
{
|
|
"matches": [
|
|
{
|
|
"matched": true,
|
|
"fields": {
|
|
"first_name": [
|
|
{
|
|
"match": "John",
|
|
"offset": 6,
|
|
"length": 4
|
|
}
|
|
],
|
|
"last_name": [
|
|
{
|
|
"match": "Doe",
|
|
"offset": 11,
|
|
"length": 3
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"matched": false
|
|
}
|
|
]
|
|
}
|
|
----
|