Hi,
I have a grok filter like this:
    grok {
      patterns_dir => "./patterns/custom-patterns"
      match => {"message" => ["%{IP:remoteIp}%{SPACE}%{MAC:remoteMac}%{SPACE}%{NUMBER}%{SPACE}%{WORD}%{SPACE}%{PORT:localPort}%{SPACE}vlan-id%{SPACE}%{NUMBER:vid}"]}
      add_tag => ["neighbor_node"]
    }
and it works fine. The thing is, the field labeled as remoteMac is :-separated, e.g. 00:00:5e:00:01:a3.
Now my question is: is there a way to remove the : and save the result again in the remoteMac field?
Thanks