Hi all,
I have an app that logs structured data in a custom format and wanted to try and write a regex parser for it so I can aggregate on values in the log at query time. From reading the docs it looks like I would need to use named capture groups, with the name of the capture group becoming the key, and the captured text becoming the value. That seems to imply that you would need to know all of the keys in the logs and what order they come in while writing the query. Is there a way to set it up to capture arbitrary key names and values that conform to a regex pattern? Or is regex not the way to go here?
For example if I had a log where part of it contained the data |key1=value1|key2=value2|key3=value3, how could I turn those into separate labels (without explicitly putting the names of the keys into the regex)?