I have a sample input like below.
[2022-01-06 19:51:42,143] [http-nio-8080-exec-7] DEBUG [50a4f8740c30b9ca,c1b11682-1eeb-4538-b7f6-d0fb261b3e1d]
I implemented a grok filter to validate the text.
\[%{TIMESTAMP_ISO8601:timestamp}\] \[(?<threadname>[^\]]+)\] %{LOGLEVEL:logLevel} \[%{WORD:traceId},%{WORD:correlationId}\]
When I validate it, it says there are no matches. But If I remove - in correlation id, that filter is working fine. Is there any modification to do to the filter to accept - in the correlation id?
Try this.
\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:threadName}\] %{LOGLEVEL:logLevel} \[%{DATA:traceId},%{DATA:correlationId}\]