Further split logstash output for a particular field

amit.karir · May 16, 2017, 6:01pm

Hi,

I have got my sql server data(from a table) sent to logstash and here is the stdout looks like:

{
"exception" => "A exception with a null response was thrown sending an HTTP request to the remote WebDriver server",
"process" => "Plan",
"variables" => "(407) 111-1111%Floor1%NetworkTelcom%ISEContactNameTom smith%ContactEmailA.B@GMAIL.COM%EquipmentOptionTemplate%ProcurementRental",
"profile" => "Plan",
"stepcompleted" => "Started Processing",
"datecreated" => 2017-05-16T11:32:28.300Z,
"inputparam" => "ORDER11111,1111111",
"transactionid" => "ORDER11111,1111111uewrutewurt",
"ordercreationdetails" => nil,
"@timestamp" => 2017-05-16T17:42:05.011Z,
"enddatetime" => 2017-05-16T11:45:28.760Z,
"@version" => "1",
"username" => "assistedge.rpa",
"startdatetime" => 2017-05-16T11:32:32.587Z,
"status" => "Failed",
"applicationwithexception" => "AppB"
}

I need to further split the variables field into logstash fields. The field values are delimited by % and key-value by *.

Can someone share pointers on how to achieve it?

magnusbaeck · May 18, 2017, 5:31am

Look into the kv filter, possibly in conjunction with a grok filter if you want to separate the initial phone number (?) from the key/value pairs.

system · June 15, 2017, 5:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.