Add new field from an old one [Solved]

Chemse · August 9, 2017, 1:22pm

Hello, I have the field Mat equal to:

Mat = "07/07/2017-03:09:39 0235918 LEFER GUILLAUME Tps"

and I did this but it doesn't work

mutate {
				split => { "Mat" => " " }
				remove_field => ["Mat[2]","Mat[2]","Mat[2]"]
				
			}
			mutate {
				add_field => {"time" => "%{Mat[0]}"}
				add_field => {"matricule" => "%{Mat[1]}"}
			}

can you help me please !! how can I create a new field from a hash table

Thanks

Chemse · August 9, 2017, 3:30pm

Solved by doing this

grok {
    match => [ "Mat", "%{NOTSPACE:time} %{NOTSPACE:matricule} %{NOTSPACE:matri}"]
}
mutate {
    remove_field => ["matri"]
    remove_field => ["Mat"]
}

system · September 6, 2017, 3:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add new field Logstash	1	1045	July 12, 2017
Adding a field from existing ones Logstash	9	2013	April 12, 2017
I want to add new field and replace the one of the existing field value to the newly added field Logstash	1	283	September 13, 2019
Unable to get new field with mutate filter Logstash	5	262	May 11, 2022
Add Value to New Field Logstash	1	213	November 19, 2020

Add new field from an old one [Solved]

Related topics