Combining 2 fields in logstash

satyajeet_dutt · April 30, 2019, 10:40am

I have been trying to combine 2 fields in logstash.
My first clickstream log contains {x=y, software=DEMO, language=EN} as a parameter.
My second log contains clickstream log {a=b, projectId=DEMO, language=EN} as a parameter.

I want to make a single field called software_used that contains value of software and projectId.
Someone plz help me with this.

logger · May 24, 2019, 3:18pm

Hi,

you can grok it to get rid of the curly brackets and then use the kv filter:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-kv.html

after this you can use the mutate filter to combine these as you want.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html

Topic		Replies	Views
Combining the logs in logstash Logstash	10	1694	August 16, 2019
Merge two fields into one Logstash	3	4748	June 5, 2020
Merge Several json parsed fields to 1 field Logstash	5	3104	July 6, 2017
How can i add two fields which contains string value and store it in a new field Logstash	4	1896	June 24, 2019
Merge 2 fields from seperate events into one field Logstash	2	331	August 12, 2019

Combining 2 fields in logstash

Related topics