The grok filter isn't always the best choice. In this case use the kv filter.
filter {
  grok {
    # Peel the syslog priority "<NNN>" off the front; everything after it
    # replaces the original message so the kv filter only sees the payload
    match => [
      "message",
      "<%{INT:syslog_pri}>%{GREEDYDATA:message}"
    ]
    overwrite => "message"
  }
  # Split the remaining key=value pairs into fields (defaults: space-separated, '=' as separator)
  kv { }
}
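A Python model of the two filter steps, added here and not part of the original post: it peels off the syslog PRI the way the grok pattern does, decodes facility and severity from it (something the post's config does not do), and splits the remainder into fields the way the default kv filter does. The sample line and its field names are constructed.

```python
import re
import shlex

# Constructed sample event (not from the original post): a syslog PRI prefix
# followed by a key=value payload, as a firewall or auth daemon might emit it.
SAMPLE = '<134>action=accept src=10.0.0.5 dst=10.0.0.9 proto=tcp msg="user login ok"'

# Same shape as the grok pattern: <INT> then everything else (DOTALL keeps newlines).
PRI_RE = re.compile(r"^<(?P<syslog_pri>\d+)>(?P<message>.*)$", re.DOTALL)


def strip_pri(line):
    """Model of the grok step: split off <PRI> and overwrite message with the rest."""
    m = PRI_RE.match(line)
    if not m:
        # grok tags events that do not match instead of dropping them
        return {"message": line, "tags": ["_grokparsefailure"]}
    return {"syslog_pri": m.group("syslog_pri"), "message": m.group("message")}


def decode_pri(pri):
    """RFC 5424: PRI = facility * 8 + severity (e.g. 134 -> local0 / informational)."""
    pri = int(pri)
    return {"facility": pri >> 3, "severity": pri & 7}


def kv_parse(text):
    """Model of the default kv step: whitespace-separated key=value, quotes respected."""
    fields = {}
    for token in shlex.split(text):   # shlex keeps "quoted values with spaces" together
        if "=" not in token:
            continue                  # kv only captures tokens that contain the separator
        key, value = token.split("=", 1)
        fields[key] = value
    return fields


def pipeline(line):
    """Run grok-like strip, PRI decode, then kv on the (possibly overwritten) message."""
    event = strip_pri(line)
    if "syslog_pri" in event:
        event.update(decode_pri(event["syslog_pri"]))
    event.update(kv_parse(event["message"]))
    return event


if __name__ == "__main__":
    print(pipeline(SAMPLE))
```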
© 2020. All Rights Reserved - Elasticsearch