Converting value in field

Lokesh_Mayan · November 16, 2020, 12:34pm

Hi i am having a log list like this

<#> 20200924 15:14:44.552 000000997 FD.WRN [ MVINB-LSL2.T1G1_ATMTH_SL main.main ConfigService.ConfigService ] Unable to get CommonParamConfig of [DAC_TEST_WHILE_IDLE, *]. Memory table not loaded yet

<#> 20200924 15:14:44.529 000000997 FD.INF [ MVINB-LSL2.T1G1_ATMTH_SL main.main ConfigService.ConfigService ] Update Switched Flag.

I want to convert the all the value with "FD.WRN" with "Warning" and "FD.INF" as "Info" and display as "warning" "Info" in the kibana. is there any way?

Badger · November 16, 2020, 4:00pm

If you are parsing out that field, then you could use a translate filter. If you are just passing the message through then you could use mutate+gsub.

Lokesh_Mayan · November 17, 2020, 9:57am

Thank you so much @Badger Got the respective output by using mutating and gsub => [ "event_type" , "FD.WRN" , "Warning"]
gsub => [ "event_type" , "EV.WRN" , "Warning"]

system · December 15, 2020, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.