I'm a total newbie and I have created this filter in Logstash and the purpose is to create a "tag" in Elasticsearch called CVE that will find CVE numbers like CVE-1000-1000 or CVE-2016-0505 or any other 4 digit arbitrary number.
My code looks like this:
filter {
  grok {
    match => [
      "CVE",
      "(CVE-[0-9]{4}-[0-9]{4})"
    ]
  }
}
I also wonder how I can make it case insensitive.
Please help!
Answer 0 (score: 1)
Here is the solution:
grok {
  match => ["text", "(?<cve>CVE-\d{4}-\d{4})"]
}
Many thanks to Magnus Bäck of Elastic.
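
The answer's expression next to a stricter variant, run over constructed sample lines in Ruby, whose regex engine is a fork of the Oniguruma library that grok uses, so the same `(?<cve>...)` and `(?i)` syntax applies. This is an added example, not code from the original post: `HARDENED_PATTERN`, `extract_cves`, `tag_events`, the sample lines and the identifier CVE-2099-123456 are constructed for illustration, and the `{4,}` quantifier is there because CVE sequence numbers may be longer than four digits.

```ruby
# Pattern exactly as given in the answer: case-sensitive, 4-digit sequence only.
ANSWER_PATTERN = /(?<cve>CVE-\d{4}-\d{4})/

# Hypothetical stricter variant (not from the page):
#   (?i)   inline flag, makes the whole expression case-insensitive
#   \b     word boundaries, so the ID is not cut out of a longer token
#   {4,}   accepts sequence numbers of four or more digits
HARDENED_PATTERN = /(?i)\b(?<cve>CVE-\d{4}-\d{4,})\b/

# Constructed sample log lines (not real scanner output).
SAMPLE_LINES = [
  "scanner: host 10.0.0.5 vulnerable to CVE-2016-0505",
  "advisory mentions cve-2016-0505 in lower case",
  "constructed long id CVE-2099-123456 reported",
  "no identifier on this line"
].freeze

# Return every CVE ID found in +text+, normalised to upper case so that
# "cve-..." and "CVE-..." land in the same bucket when aggregated.
def extract_cves(text, pattern)
  text.scan(pattern).flatten.map(&:upcase).uniq
end

# Mimic what the filter does to an event: keep the message, add a cve field.
def tag_events(lines, pattern)
  lines.map { |line| { message: line, cve: extract_cves(line, pattern) } }
end

if __FILE__ == $PROGRAM_NAME
  { "answer" => ANSWER_PATTERN, "hardened" => HARDENED_PATTERN }.each do |name, pat|
    puts "== #{name} pattern"
    tag_events(SAMPLE_LINES, pat).each do |event|
      puts format("%-55s -> %s", event[:message], event[:cve].inspect)
    end
  end
end
```

With the answer's pattern, the lower-case line yields nothing and the long identifier is silently truncated to a different, shorter ID, which is the failure to watch for when the extracted field feeds dashboards or alerting.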