My config file is:
{
stdin{}
}
filter
{
if "box_Firewall" not in [program] {
if [message] =~ /{".*":\s".*",/ {
json { source => "message" }
mutate { add_tag => "json" }
}
else if [message] =~ /\w+=\w+\s\w+=\w+/ {
kv { source => "message" }
mutate { add_tag => "kv" }
}
else {
csv {
source => "message"
separator => " "
}
mutate { add_tag => "csv" }
}
}
else { drop{} }
}
output
{
stdout{}
}
my entry is:
[ActiveJob] [StorageClusterReplicaVerifierJob] [6f622ec3-0e49-4aba-a5bd-2df8bb83b1aa] Enqueued StorageReplicationVerificationJob (Job ID: aa4386d8-6dac-410d-a954-5f434f749aa2) to Aqueduct(storage_cluster) with arguments: {"oid"=>"73e53d8ceab9a9bf1c395c355dbf60ebf107c438361ca80ff41894f72262b3d3", "hosts"=>["storage-server-6b256858-8802-11eb-85e1-000d3a249d7a", "storage-server-a19d055e-8757-11eb-af0e-000d3aae22c6"]}
When I paste it on the terminal the following error pops up
The filter part is because I'm expecting several types of logs = key=value, value only and json
Any help would be much appreciated