Converting value in field

Lokesh_Mayan · November 16, 2020, 12:34pm

Hi i am having a log list like this

<#> 20200924 15:14:44.552 000000997 FD.WRN [ MVINB-LSL2.T1G1_ATMTH_SL main.main ConfigService.ConfigService ] Unable to get CommonParamConfig of [DAC_TEST_WHILE_IDLE, *]. Memory table not loaded yet

<#> 20200924 15:14:44.529 000000997 FD.INF [ MVINB-LSL2.T1G1_ATMTH_SL main.main ConfigService.ConfigService ] Update Switched Flag.

I want to convert the all the value with "FD.WRN" with "Warning" and "FD.INF" as "Info" and display as "warning" "Info" in the kibana. is there any way?

Badger · November 16, 2020, 4:00pm

If you are parsing out that field, then you could use a translate filter. If you are just passing the message through then you could use mutate+gsub.

Lokesh_Mayan · November 17, 2020, 9:57am

Thank you so much @Badger Got the respective output by using mutating and gsub => [ "event_type" , "FD.WRN" , "Warning"]
gsub => [ "event_type" , "EV.WRN" , "Warning"]

system · December 15, 2020, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rename field value of int with string name Logstash	3	396	July 23, 2019
Logstash, converting fields Logstash	4	563	February 13, 2018
Logstash mutate and translate the same field Logstash	3	891	April 3, 2017
Mutate message in Logstash Logstash	3	307	June 18, 2020
Mutate and Columns combined Logstash	3	911	July 6, 2017

Converting value in field

Related topics