I'm sure there is a simple solution to this but I'm new to working Logstash. The filter I'm trying to apply is for some firewall logs and I have a field that will either have a single or two values separated by a colon.
X16-V523 X16-V523:example.com
I have been using for the line with two values,
%{GREEDYDATA:srcint}:%{GREEDYDATA:srchost}
How do i make the second part of the match optional?
Chris
