Converting value in field

Lokesh_Mayan · November 16, 2020, 12:34pm

Hi i am having a log list like this

<#> 20200924 15:14:44.552 000000997 FD.WRN [ MVINB-LSL2.T1G1_ATMTH_SL main.main ConfigService.ConfigService ] Unable to get CommonParamConfig of [DAC_TEST_WHILE_IDLE, *]. Memory table not loaded yet

<#> 20200924 15:14:44.529 000000997 FD.INF [ MVINB-LSL2.T1G1_ATMTH_SL main.main ConfigService.ConfigService ] Update Switched Flag.

I want to convert the all the value with "FD.WRN" with "Warning" and "FD.INF" as "Info" and display as "warning" "Info" in the kibana. is there any way?

Badger · November 16, 2020, 4:00pm

If you are parsing out that field, then you could use a translate filter. If you are just passing the message through then you could use mutate+gsub.

Lokesh_Mayan · November 17, 2020, 9:57am

Thank you so much @Badger Got the respective output by using mutating and gsub => [ "event_type" , "FD.WRN" , "Warning"]
gsub => [ "event_type" , "EV.WRN" , "Warning"]

system · December 15, 2020, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Field conversion Query Logstash	1	371	July 6, 2017
Converting a new field Logstash	4	270	August 14, 2019
How to convert a nested field type? Logstash	12	6743	July 6, 2017
Rename field value of int with string name Logstash	3	379	July 23, 2019
Mutate convert not working Logstash	3	2368	July 6, 2017

Converting value in field

Related topics