Hello, So i have a message in my log that contains parameters that i need to extract. This is an log line exemple : AgentID=50119&Tenant=2003&GroupID=15043&CountryCode=00&AreaCode=&DialedNumber=000000000 I need to extract Tenant value 50119 and put it in a variable Tenant. Now this would work…

Extract parameters from a message

Badger June 27, 2019, 1:56pm 8

grok is not the right tool for this. Use a kv filter

kv { field_split => "&" include_keys => [ "Tenant" ] }

The include_keys option is optional, by default it will extract every key/value pair. There is also an exclude_keys option.

1 Like

Topic		Replies	Views
Grok filter logstash config Logstash	7	1435	July 6, 2017
Grok filter inquiry Logstash	7	713	July 11, 2017
Parsing with Grok filter Logstash	2	418	May 22, 2017
Take out bits of a URIPATH in Logstash Logstash	21	4979	July 6, 2017
Pattern Assistance ## Logstash	4	820	July 6, 2017

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Extract parameters from a message

Related topics