Hi there
I have a problem to transform this line form a log file line to a json object.
The line is like this
[2020-02-14 14:33:08.882] [VALUE1] [VALUE2] [VALUE3] [VALUE4] [VALUE5] [VALUE6] [VALUE7] [VALUE8] # Other text
to
Property1 : "VALUE1",
Property2 : "VALUE2",
Property3 : "VALUE3",
Property4 : "VALUE4",
Property5 : "VALUE5",
Property6 : "VALUE6",
Property7 : "VALUE7",
Property8 : "VALUE8",
Property9: "Other text"
to store it easily in elasticsearch.
Thanks for any help
with this
filter {
grok {
match => { "message" => "[%{TIMESTAMP_ISO8601:Property1}] [%{WORD:Property2}] [%{WORD:Property3}] [%{WORD:Property4}] [%{WORD:Property5}] [%{WORD:Property6}] [%{WORD:Property7}] [%{DATA:Property8}] [%{DATA:Property9}] ?# %{DATA:Property10}" }
}
}
but last key-value property10 : # other text.... does not give me 'other text...'
Any help?
Using Grok Debugger in Kibana I got this (basically added end of line which is $ to the end of the GROK pattern
[%{TIMESTAMP_ISO8601:Property1}]%{SPACE}[%{WORD:Property2}]%{SPACE}[%{WORD:Property3}]%{SPACE}[%{WORD:Property4}]%{SPACE}[%{WORD:Property5}]%{SPACE}[%{WORD:Property6}]%{SPACE}[%{WORD:Property7}]%{SPACE}[%{WORD:Property8}]%{SPACE}[%{WORD:Property9}]%{SPACE}#%{SPACE}%{DATA:Property10}$
Resulted in
{
"Property4": "VALUE3",
"Property3": "VALUE2",
"Property2": "VALUE1",
"Property1": "2020-02-14 14:33:08.882",
"Property10": "Other text",
"Property9": "VALUE8",
"Property8": "VALUE7",
"Property7": "VALUE6",
"Property6": "VALUE5",
"Property5": "VALUE4"
}
Thank s a lot, it works,
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.