Hi,
I want to replace a string in my message field. How should i proceed in logstash filter.
Below is a sample [message] log:
input to logstash:(before parsing)
some text in the beginning Auth: Sec slghltrgj;sjtg;String to replaced;rtfygjhrslfknr;f some text after
output from logstash: (after parsing)
some text in the beginning **Auth: Sec **************************************** some text after
Can anyone provide some ideas on how i can do the above parsing in logstash?
Use a mutate filter and its gsub option.
Thanks @magnusbaeck
Is there a way i can do the following using logstash filters:
I have an ID stored in a field example id: 123456789.
I want to replace first 5 digits with an 'x'. so that id looks like, id:xxxxx6789.
How can i do this in logstash filters?
Thanks.
@magnusbaeck Is there a way we can perform a count operation in if condition in logstash filter.
For example:
I am trying to check the occurrence of "text" in my [message] field.
something like this,
filter{
if count("text")[message] >1 {
"do something"
}
}
if this is not possible, could you suggest a way to do this kind of operation.
@magnusbaeck
Could show a small example on how can i can proceed on this please.
Thanks in advance.
Sorry, I don't have time to do that. There are plenty of ruby filter examples around and the code itself is pretty normal Ruby code.
@magnusbaeck
ok.
Could you just help with this?
event.set('count', event.get('message').count.('text'))
I am getting the below error:
[ERROR][logstash.filters.ruby ] Ruby exception occurred: wrong number of arguments
How can i correct this?
count('text'), not count.('text').
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.