Test a Grok pattern Generally available; Added in 8.13.0

POST /_text_structure/test_grok_pattern
Api key auth Basic auth Bearer auth

Test a Grok pattern on one or more lines of text. The API indicates whether the lines match the pattern together with the offsets and lengths of the matched substrings.

External documentation

Query parameters

  • ecs_compatibility string

    The mode of compatibility with ECS compliant Grok patterns. Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. Valid values are disabled and v1.

application/json

Body Required

  • grok_pattern string Required
  • text array[string] Required

    The lines of text to run the Grok pattern on.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • matches array[object] Required
      Hide matches attributes Show matches attributes object
      • matched boolean Required
      • fields object
        Hide fields attribute Show fields attribute object
        • * array[object] Additional properties
          Hide * attributes Show * attributes object
          • match string Required
          • offset number Required
          • length number Required
POST /_text_structure/test_grok_pattern 
curl \
 --request POST 'http://api.example.com/_text_structure/test_grok_pattern' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"grok_pattern\": \"Hello %{WORD:first_name} %{WORD:last_name}\",\n  \"text\": [\n    \"Hello John Doe\",\n    \"this does not match\"\n  ]\n}"'
Request example
Run `GET _text_structure/test_grok_pattern` to test a Grok pattern. 
{
  "grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
  "text": [
    "Hello John Doe",
    "this does not match"
  ]
}
Response examples (200)
A successful response from `GET _text_structure/test_grok_pattern`. 
{
  "matches": [
    {
      "matched": true,
      "fields": {
        "first_name": [
          {
            "match": "John",
            "offset": 6,
            "length": 4
          }
        ],
        "last_name": [
          {
            "match": "Doe",
            "offset": 11,
            "length": 3
          }
        ]
      }
    },
    {
      "matched": false
    }
  ]
}