Add new field with value from grok filter

Automation_Scripts · April 5, 2021, 5:45pm

Hi all,

I need to add a value to a field from a variable within a grok filter.

filter {
    grok { 
      match => [ "message", "(?<ts>(.*?))\t(?<uids>(.*?))" ]    
 }
    mutate { add_field => { "container_id" => "%{uids}" } }
}

The field is created but the value is not taken into consideration it simply puts the string %{uids}.
How should I add the value from this grok variable to a field?

Thank you!

elasticforme · April 5, 2021, 7:39pm

this is because you have %{uid} not set from grok pattern.

otherwise code looks correct

Automation_Scripts · April 5, 2021, 7:51pm

something was caching badly. worked like a charm after restart.

system · May 3, 2021, 7:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding new fields from grok filter in logstash Logstash	1	547	November 20, 2018
Can't create a field with a variable from a grok match regex Logstash	7	1983	August 30, 2018
Reference a value from new added field within grok match setting Logstash	1	161	April 11, 2022
How to add a new field and value with field name and value taken from another fields value? Logstash	2	515	February 5, 2019
Add a field Logstash	3	319	July 6, 2017

Add new field with value from grok filter

Related topics