I'm fairly new to Logstash filtering stuff. I've below json string
{
"changed": false,
"msg": "Foo Facts: oma_phase: prd, oma_app: fsd, oma_apptype: obe, oma_componenttype: oltp, oma_componentname: -, oma_peak: pk99, oma_phaselevel: prd"
}
I would like to extract the fields oma_phase, oma_app, oma_apptype, oma_componenttype, oma_componentname, oma_peak & oma_phaselevel .
I've tried below native json filter,
filter {
if [type] == "ansible" {
json {
source => "ansible_result"
}
}
}
Here ansible_result is the key holding the above json value. However, there are many keys having different values but with the same ansible_result key. This is creating lot of index keys and I don't want that.
I would like to have some sort of filter which can match the substring Foo Facts and there after extracting the oma_* fields.
I somehow couldn't managed to do with grok filter to match the substring. It would be really great if you could help me with this.
Many thanks in advance..