Extract substring of a log line

DFrant · July 27, 2017, 12:39pm

Hello,

I have some logs lines wich are only one string, for example :

01999918000170702135929%WS%00000000000070030819078820913135929050000080RRN0002W900500000000C0000000000000500024464063100100 03081907882 300 R00

I would know how it is possible to use a filter to extract field from this string using char index.
For example:

ID = substring(0,11)
date = substring(11, 17)
etc...

Thanks

leandrojmp · July 28, 2017, 3:24am

Maybe you can use the ruby filter to do that.

Should be something like this

filter {
    ruby {
        code => "
             event.set('ID', event.get('message')[0..11])
             event.set('date', event.get('message')[12..17])
        "
    }
}

This way a field called ID will receive the substring for 0 to 11 from the source field message, which countains your log line, the same for the field date.

I was not able to test this yet, but in theory this should work.

You can read more of the ruby filter here

DFrant · July 28, 2017, 10:28am

Thanks for your answer.

I proceed with pattern matching and regex to proceed:

I defined patterns that i want to match with my log line:

ID (^.{0}.{11})
TESTTIMESTAMP (.{12})
...

And in my pattern matcher I did:

 match => { "message" => "%{ID:id}%{DATE:date}..."}

system · August 25, 2017, 10:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Substring a field from Logstash Logstash	3	2030	March 4, 2020
Logstash substring a field using position Logstash	6	15863	July 6, 2017
Picking substring from field in logstash Logstash	2	2911	September 20, 2017
Logstash Filter to parse a string Logstash	5	904	August 27, 2019
Get substrings from the log Logstash	5	873	July 6, 2017

Extract substring of a log line

Related topics