Hello All,
This is my input string: SECU "OTN2.LAB":SHELF-1 001328 SHELF-1:16-02-05,00-15-00
And the parsed output message looked like this:
"syslog_message" => "SECU \"OTN2.LAB\":SHELF-1 001328
Here is what my filter looks like:
filter {
  grok {
    match => { "message" => "<[0-9]*>%{CIENA_TIMESTAMP:ciena_timestamp} %{SYSLOGHOST:syslog_hostname} %{GREEDYDATA:syslog_message}" }
    remove_field => ["@version", "host", "message", "port"]
  }
  date {
    target => "@timestamp"
    match => [ "ciena_timestamp",
               "MMM d HH-mm-ss",
               "MMM dd HH-mm-ss" ]
    timezone => "UTC"
  }
}
Question is: From where is it adding the unwanted "//" in the parsed message? I don't want them to be present in my parsed message.
Thanks for your help.