hi ,
my message is like below
Error type : VALIDATION:INVALID_NUMBER
FlowStack : at db-error-logFlow(db-error-logFlow/processors/0 @ db-error-log:db-error-log.xml:18
i want just single line " Error type : VALIDATION:INVALID_NUMBER"
i am using below code
if "Error type" in [rsys_message]{
grok
{
match => ["cp_msg","(?<Error_type>.(Error type :).{22})"]
}
mutate
{
gsub => ["Error_type", "Error type :", ""]
}
}
can we get single line without specifing length in statement
" match => ["cp_msg","(?<Error_type>.(Error type :).{22})"] "