Add field of one grok in another grok

richagautam · September 28, 2018, 7:44am

Hi Team,

I am using multiple grok to extract multiple pattern from the log file.
Below is the sample grok filters which I am using
grok {
message => {"%{NUMBER:Filed1} %{GREEDYDATA:message}" }
}

grok {
message => {"%{NUMBER:Filed1} test %{GRREDYDATA:filed2} %{GREEDYDATA:message}" }
}

Now in kibana discover page i am using below filed :
Filed1 Filed2 message

I want to show Filed1 and Filed 2 in every row. To achieve this i am trying to add Filed1 and Filed2 using mutate add_filed.But i a not able to do it.

Kindly advice how can i add filed of one grok in another grok, or how can add filed of one grok in every event.

Thanks

richagautam · October 3, 2018, 1:00pm

Hi Team,

achieve above scenario , i trying to write ruby filter. but i am getting exception " Syntax error, unexpected '\n' " at pt= event['path']

For testing purpose I have put for loop on 10 records only.

ruby {
code => "

			for i in 10
			{
			  tc = ''
                              pt = ''
			 if(event['TESTCASENAME'].nil?)
	                  {
			  tc = event['TESTCASENAME']
			  pt = event['path'] }
			 if ( event['TESTCASENAME'] == nil && event['Path']==pt)
			  {event['TESTCASENAME'] = tc)	
			  }
			}"
	 }

Kindly advice is this the correct approach and why this error is coming ?

system · October 31, 2018, 1:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.