Hi Everyone, i have a logstash configuration to parse my current logs but i would like to create a sub field from my message field and that data should be parsed as a fieldname, please suggest how that is possible: For example in the following logs how can i make a separate field for PosErr_Advanc…

If the problem is the extra space between Jul and 8 then change the mapping from "%{timestamp1} %{+timestamp1} %{+timestamp1} %{Theatre}... to "%{timestamp1->} %{+timestamp1} %{+timestamp1} %{Theatre}...

Discuss the Elastic Stack

Creating a sub field of GROK filter pattern

Elastic Stack Logstash

Badger July 12, 2020, 11:42pm 2

Personally I would not grok that, I would dissect and then use kv.

Topic		Replies	Views
Logstash filter to create a subfield based on specific text in a log message Logstash	2	170	December 24, 2023
Creating subfileds in logstash Logstash	5	814	July 6, 2017
Not able to create separate fields all log data in message field Logstash	3	284	July 29, 2019
Help to create new field from message Logstash	2	312	February 20, 2023
Parsing a Concatenated Field to Extract Sub-Fields Logstash	3	267	July 19, 2021

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Creating a sub field of GROK filter pattern

Related topics