Hey everyone.
First time poster, long time reader.
I'm curious about the Logstash 'elapsed' filter.
I have two different patterns that I am successfully able to grok and generate start and end events for. However, these two log lines contain different bits of data that I'd like to capture and save in order to write them out when the end condition arrives in either a new event or with the end event.
ie
START_EVENT: 2018 01 01 12:00:00 THIS IS A START EVENT WITH DATA ABCD
END_EVENT: 2018 01 01 12:00:05 THIS IS AN END EVENT WITH DATA EFGH
Output:
ELAPSED_MATCH ELAPSED_TIME:5 DATA: ABCD,EFGH
Any ideas?