I use logstash to parse messages from filebeat. Individual messages have the following syntax:
key1: some data!....
-...data continues..special symbols ..:!?111--
whatever...1234!"..??..data..continues !!';;; blabla
key2: important data
key1's value is a multiline mess which I want to ingore.
Also note, that key2 is optional, and it can happen to not to be in the log message!
I want to parse key2 value, if present, and tried it as so:
key1: (?m)%{DATA}(\nkey2:%{DATA:value})?
, but it seems that the first DATA block just matches the whole message and the optional part is skipped.
I need the first DATA block to not to be greedy, and so not to skip key2.
Thanks for any suggestions :)
