check if a string starts with number using regular expression

regex logstash filebeat
Y0gesh Gupta picture Y0gesh Gupta · May 30, 2016 · Viewed 64.1k times · Source

I am writing a filebeat configuration when I am matching if a line starts with a number like 03:32:33 ( a timestamp). I am currently doing it by-

\d

But its not getting recognised, is there anything else which I should do. I am not particularly good/ have experience with regex. Help will be appreciated.

Answer

Washington Guedes picture Washington Guedes · May 30, 2016

The real problem is that filebeat does not support \d.

Replace \d by [0-9] and your regular expression will work.

I suggest you to give a look at the filebeat's Supported Patterns.

Also, be sure you've used ^, it stands for the start of the string.

Related questions

How to process multiline log entry with logstash filter?

Background: I have a custom generated log file that has the following pattern : [2014-03-02 17:34:20] - 127.0.0.1|ERROR| E:\xampp\htdocs\test.php|123|subject|The error message goes here ; array ( 'create' => array ( 'key1' => 'value1', 'key2' => …

Read More
Logstash grok multiline message

My logs are formatted like this: 2014-06-19 02:26:05,556 INFO ok 2014-06-19 02:27:05,556 ERROR message:space exception at line 85 solution:increase space remove files There are 2 types of events: -log on one line like the first -log on multiple line like …

Read More
Regex query syntax examples in kibana

I am trying to find the different kinds of syntax I can give in regex type of query through kibana, but I was not able to find any information on this. I am running logstash and elasticsearch in the backend. …

Read More