Can dissect filter be used, when message contains unknown number of names separated by comma

Preben_Nilsson · October 23, 2018, 10:47am

Hi experts.

I am trying to use the dissect filter to parse the below line:

So far my filter looks lie this:

dissect {
    mapping => {
        "message" => '%{source_log_timestamp},%{+source_log_timestamp/2} | %{user} | %{roles} | %{ip} | %{component} | %{event} | %{eventdetailid} | %{log_message}'
    }
}

My problem is that the "roles" field can contain an unknown number og strings separated by comma (,).
Is it possible to parse the roles with the dissect filter, or will I have to grok it?

system · November 20, 2018, 10:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to include regex in dissect filter? Logstash	5	1714	August 1, 2018
Help using logstash dissect filtering Logstash	3	325	June 18, 2019
Understanding dissect behaviour Logstash	8	844	September 30, 2019
Logstash grok / dissect filter over array Logstash	5	1680	November 8, 2018
Filter multiple spaces with a single Dissect field? Logstash	3	1755	February 18, 2019

Can dissect filter be used, when message contains unknown number of names separated by comma

Related topics