Create new columns from one column value

Varun_Goyal · September 14, 2018, 10:28am

I have a csv columns as:

Data1,Data2,"Product: XYZ\r\nVersion: 1.0.0\r\nLanguage: English\r\nDate: Wednesday, September 12, 2018\r\n"

By using filter I am able to get data in columns, here is my filter:

csv {
#autodetect_column_names => true
columns => ["F1","F2","F3"]
source => "message"

}
mutate {
add_field => { "NEW_FIELD" => "%{F1}" }
}

I want to split F3 Data which is:
"Product: XYZ\r\nVersion: 1.0.0\r\nLanguage: English\r\nDate: Wednesday, September 12, 2018\r\n"
in key value pair.

Can any one help how can i achieve this ?

yaauie · September 14, 2018, 5:29pm

First, you may want to use the Mutate Filter Plugin's copy directive, which is a little nicer about copying edge-case values than add_field with string interpolation.

mutate {
  copy => {
    "F1" => "NEW_FIELD"
  }
}

Next, You could likely use the KV Filter Plugin to split out the key/value pairs from the F3 field:

kv {
  source => "F3"
  field_split => "\n"
  value_split => ":"
  trim_value => "\r\s" # trim carriage-returns and whitespace from beginning and end of value 
}

system · October 12, 2018, 5:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash CSV mutate, split and filter Logstash	6	968	May 21, 2022
How to use split filter on the field using logstash Logstash	5	6142	March 27, 2019
Can I use an existing field in the event to create the columns for a CSV filter? Logstash	3	477	September 5, 2020
Need to Split the Value in the Message Logstash	1	223	July 14, 2020
Split csv column to several fields Logstash	16	5981	July 6, 2017

Create new columns from one column value

Related Topics