Hi Everyone, i have a logstash configuration to parse my current logs but i would like to create a sub field from my message field and that data should be parsed as a fieldname, please suggest how that is possible: For example in the following logs how can i make a separate field for PosErr_Advanc…

If the problem is the extra space between Jul and 8 then change the mapping from "%{timestamp1} %{+timestamp1} %{+timestamp1} %{Theatre}... to "%{timestamp1->} %{+timestamp1} %{+timestamp1} %{Theatre}...

Discuss the Elastic Stack

Creating a sub field of GROK filter pattern

Elastic Stack Logstash

Badger July 12, 2020, 11:42pm 2

Personally I would not grok that, I would dissect and then use kv.

Topic		Replies	Views
Logstash filter to create a subfield based on specific text in a log message Logstash	2	168	December 24, 2023
Dissect Filter, Creating Subfields Logstash	2	570	June 16, 2022
Help to create new field from message Logstash	2	312	February 20, 2023
Parsing a Concatenated Field to Extract Sub-Fields Logstash	3	267	July 19, 2021
Grok pattern to extract the fields from the log file Logstash	2	310	February 24, 2021

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Creating a sub field of GROK filter pattern

Related Topics