I am using Logstash to ingest some data from a SQL DB. I am able to get the data in Elastic, but I want to get a substring from a field and put it into another field. For example, I have the following line:
{"Timestamp":"2018-10-17T10:36:26.1895556+03:00","Level":"Information","MessageTemplate":"MessageBusSubscriberService for message type {MessageType} is starting","Properties":{"MessageType":"ResetCache","SourceContext":"adjadsklaslk","CorrelationId":null}}
I want to get "Reset Cache", which is after "Message Type", and put it in another field.
I tried with the grok or mutate filter, but I wasn't able to get that substring. Do you have any solution?
I have the following filter section:
filter {
  grok {
    match => {"logevent" => "MessageType":"?(?[a-zA-Z]+)"}
  }
}
and when I run Logstash I get the following error:
Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 16, column 40 (byte 522) after filter
I don't see where one of #, {, } is missing.
The pattern is wrong because the markdown ate the field name
match => {"message" => 'MessageType":"?(?<someField>[a-zA-Z]+)'}
However, if you are still getting "undefined method `unlock' for nil:NilClass", please provide the entire filter, because I would not expect to get that error from a grok.
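An added example, not part of either post above: a complete filter section for the sample line in the question. It goes beyond the reply by parsing the line as JSON first and using the reply's single-quoted grok pattern only as a fallback. Assumptions: the raw line is in the `logevent` field from the question, and `parsed` and `message_type` are hypothetical field names.

```logstash
filter {
  # The sample line is JSON, so parse it instead of pattern-matching where possible.
  # Assumption: the raw line is in "logevent" (field name taken from the question).
  json {
    source => "logevent"
    target => "parsed"          # hypothetical target field for the decoded object
  }

  if "_jsonparsefailure" in [tags] {
    # Fallback for lines that are not valid JSON: the grok from the reply.
    # The pattern is single-quoted so the double quotes inside it do not
    # terminate the config string, and the named capture carries a field name.
    grok {
      match => { "logevent" => 'MessageType":"?(?<message_type>[a-zA-Z]+)' }
      tag_on_failure => ["_messagetype_not_found"]
    }
  } else if [parsed][Properties][MessageType] {
    # For the sample line this copies "ResetCache" into message_type.
    mutate {
      copy => { "[parsed][Properties][MessageType]" => "message_type" }
    }
  }
}
```

Events that end up tagged `_messagetype_not_found` are lines where neither method produced a value, which makes them easy to filter for in Elasticsearch.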