Test a Grok pattern | Elasticsearch API documentation (v8)

Query parameters

ecs_compatibilitystring
The mode of compatibility with ECS compliant Grok patterns. Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. Valid values are disabled and v1.

application/json

BodyRequired

grok_patternstring Required
textarray[string] Required
The lines of text to run the Grok pattern on.

Responses

200 application/json
Hide response attribute Show response attribute object
- matchesarray[object] Required
  Hide matches attributes Show matches attributes object
  matchedboolean Required
  fieldsobject
  Hide fields attribute Show fields attribute object
  *array[object] Additional properties
  Hide * attributes Show * attributes object
  matchstring Required
  offsetnumber Required
  lengthnumber Required

POST /_text_structure/test_grok_pattern

curl \
 --request POST 'http://api.example.com/_text_structure/test_grok_pattern' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"grok_pattern\": \"Hello %{WORD:first_name} %{WORD:last_name}\",\n  \"text\": [\n    \"Hello John Doe\",\n    \"this does not match\"\n  ]\n}"'

Request example

Run `GET _text_structure/test_grok_pattern` to test a Grok pattern.

{
  "grok_pattern": "Hello %{WORD:first_name} %{WORD:last_name}",
  "text": [
    "Hello John Doe",
    "this does not match"
  ]
}

Response examples (200)

A successful response from `GET _text_structure/test_grok_pattern`.

{
  "matches": [
    {
      "matched": true,
      "fields": {
        "first_name": [
          {
            "match": "John",
            "offset": 6,
            "length": 4
          }
        ],
        "last_name": [
          {
            "match": "Doe",
            "offset": 11,
            "length": 3
          }
        ]
      }
    },
    {
      "matched": false
    }
  ]
}