Hello,
I have some logs lines wich are only one string, for example :
01999918000170702135929%WS%00000000000070030819078820913135929050000080RRN0002W900500000000C0000000000000500024464063100100 03081907882 300 R00
I would know how it is possible to use a filter to extract field from this string using char index.
For example:
ID = substring(0,11)
date = substring(11, 17)
etc...
Thanks
Maybe you can use the ruby filter to do that.
Should be something like this
filter {
ruby {
code => "
event.set('ID', event.get('message')[0..11])
event.set('date', event.get('message')[12..17])
"
}
}
This way a field called ID will receive the substring for 0 to 11 from the source field message, which countains your log line, the same for the field date.
I was not able to test this yet, but in theory this should work.
You can read more of the ruby filter here
Thanks for your answer.
I proceed with pattern matching and regex to proceed:
I defined patterns that i want to match with my log line:
ID (^.{0}.{11})
TESTTIMESTAMP (.{12})
...
And in my pattern matcher I did:
match => { "message" => "%{ID:id}%{DATE:date}..."}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.