Checking length of a message

Parvatayya_Malimath · October 25, 2018, 4:50pm

Hi

I am creating logstash filter, for a message like below
10.134.246.236 - username [24/Oct/2018:15:51:39 +0200] "POST /xyz/xyz/xyz/

i need to create a filter, which will check the length of username and create a tag (long or short) or create a field like long-username or short--username

i am kind of new to logstash and need help

My logstash conf looks like this

input {
stdin { }
}

filter {
grok {
match => { "message" => "%{IP:client_ip} - %{USERNAME :user}-" }
}

date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
stdout { codec => rubydebug }
}

wwalker · October 25, 2018, 5:49pm

Seems like the Range filter should do what you need.

Parvatayya_Malimath · October 26, 2018, 7:09am

i dont have the plugin and no internet access from the machine. so is there a work around or something?

wwalker · October 29, 2018, 2:37pm

https://www.elastic.co/guide/en/logstash/current/offline-plugins.html

Parvatayya_Malimath · October 29, 2018, 2:40pm

I just used this. 'event.set("new_field", event.get("some_field").length())' in ruby filter
Thanks anyway

system · November 26, 2018, 2:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.