Hi all,
I need to add a value to a field from a variable within a grok filter.
filter {
grok {
match => [ "message", "(?<ts>(.*?))\t(?<uids>(.*?))" ]
}
mutate { add_field => { "container_id" => "%{uids}" } }
}
The field is created but the value is not taken into consideration it simply puts the string %{uids}.
How should I add the value from this grok variable to a field?
Thank you!
this is because you have %{uid} not set from grok pattern.
otherwise code looks correct
something was caching badly. worked like a charm after restart.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.