SigNoz is an open-source APM. It helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc.

SigNoz Community

for log pipelines, why do grok capture groups need to have a `p` before them? e.g.
```%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME} %{LOGLEVEL:level} %{NUMBER} --- \[.*\] (?P&lt;method&gt;.*) :```
works, but
```%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME} %{LOGLEVEL:level} %{NUMBER} --- \[.*\] (?&lt;method&gt;.*) :```
doesn't. Grok debugger only accepts the second syntax, so I'm curious why the first syntax is used in Signoz.

image.png

same for Regex. I couldn't find anything else online that uses the "P" as part of their capturing groups

from <https://signoz.io/docs/logs-pipelines/processors/#regex>

oh, it uses re2 syntax <https://github.com/google/re2/wiki/Syntax>

Yeah it uses the re2 syntax <https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/pkg/stanza/docs/operators/regex_parser.md>


grok supports regex as well, so `(?P&lt;method&gt;.*)` is the regex in your grok pattern you can change it to grok