root
/
elasticsearch
mirror of https://github.com/elastic/elasticsearch.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
elasticsearch/docs/reference/text-structure/apis/test-grok-pattern.asciidoc

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

96 lines
2.0 KiB
Plaintext
Raw Normal View History

Endpoint to test Grok pattern (#104394) * Add extract match ranges functionality to Grok. * TestGrokPatternAction and Request * TestGrokPattern response * Update docs/changelog/104394.yaml * Polish validation error message * Improve test_grok_pattern API * Add explicit CharSet * Add endpoint to operator constants * Add TransportTestGrokPatternActionTests * REST API spec * One more TransportTestGrokPatternActionTest * Fix API spec * Refactor REST API spec * Polish code * Replace TransportTestGrokPatternActionTests by a YAML REST test * Add ecs_compatibility * Always return arrays in the API * Documentation * YAML test for ecs_compatibility * Rename doc fileø * serverless scope * Fix docs (hopefully) * Update docs/reference/rest-api/index.asciidoc Co-authored-by: István Zoltán Szabó <istvan.szabo@elastic.co> * Add "text structure APIs" header in docs TOC * Move file * Remove test grok from main index * typo * Nested APIs underneath text structure --------- Co-authored-by: István Zoltán Szabó <istvan.szabo@elastic.co>
2024-01-24 16:35:59 +08:00
[role="xpack"]
[[test-grok-pattern]]
= Test Grok pattern API
++++
<titleabbrev>Test Grok pattern</titleabbrev>
++++
Tests a Grok pattern on lines of text, see also <<grok,Grokking grok>>.
[discrete]
[[test-grok-pattern-request]]
== {api-request-title}
`GET _text_structure/test_grok_pattern` +
`POST _text_structure/test_grok_pattern` +
[discrete]
[[test-grok-pattern-desc]]
== {api-description-title}
The test Grok pattern API allows you to execute a Grok pattern on one
or more lines of text. It returns whether the lines match the pattern
together with the offsets and lengths of the matched substrings.
[discrete]
[[test-grok-pattern-query-parms]]
== {api-query-parms-title}
`ecs_compatibility`::
(Optional, string) The mode of compatibility with ECS compliant Grok patterns.
Use this parameter to specify whether to use ECS Grok patterns instead of
legacy ones when the structure finder creates a Grok pattern. Valid values
are `disabled` and `v1`. The default value is `disabled`.
[discrete]
[[test-grok-pattern-request-body]]
== {api-request-body-title}
`grok_pattern`::
(Required, string)
The Grok pattern to run on the lines of text.
`text`::
(Required, array of strings)
The lines of text to run the Grok pattern on.
[discrete]
[[test-grok-pattern-example]]
== {api-examples-title}
[source,console]
--------------------------------------------------
GET _text_structure/test_grok_pattern
{
"grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
"text": [
"Hello John Doe",
"this does not match"
]
}
--------------------------------------------------
The API returns the following response:
[source,console-result]
----
{
"matches": [
{
"matched": true,
"fields": {
"first_name": [
{
"match": "John",
"offset": 6,
"length": 4
}
],
"last_name": [
{
"match": "Doe",
"offset": 11,
"length": 3
}
]
}
},
{
"matched": false
}
]
}
----