Hello! I am trying to split the message field into array and create many columns according to the list I got.. Can I do this?
logstash filter config is like below:
grok {
match => {
"message" => "%{GREEDYDATA:data}"
}
}
mutate {
split => ["data", ":::"]
}
translate {
dictionary => data
}
message looks like below
term:::asd:::session_id:::qwer123asd
So that I get 2 fields term and session_id
the translate filter isn't useful here, maybe something like:
input { generator { count => 1 message => "term:::asd:::session_id:::qwer123asd" } }
filter {
mutate { add_field => { "data" => "%{message}" } }
mutate {
split => ["data", ":::"]
}
ruby { code => 'event.set("data", Hash[*event.get("data")])' }
}
output { stdout { codec => rubydebug } }
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.