Gsub not working to remove | (vertical bar/piper)

kabilan · February 13, 2018, 7:54pm

hey i've been religiously trying to figure out how to remove the vertical bar from my log entries.

		gsub => [ "message", "/\|/g", " "]

no luck

Badger · February 13, 2018, 9:00pm

gsub => [ "message", "\|", " "]

kabilan · February 13, 2018, 9:18pm

I tried that first, no luck

kabilan · February 13, 2018, 9:20pm

eg.

local0--info--AFA-STE--CEF--2018-02-10T12:00:33-05:00--0|AlgoSec|FireFlow|v6.11.420-b159|Log|Log|0|

trying to replace the | with a empty space

Badger · February 13, 2018, 9:25pm

Works for me. With this config

input { stdin {} }
filter { mutate { gsub => [ "message", "\|", " " ] } }
output { stdout { codec => rubydebug } }

run using

echo 'local0--info--AFA-STE--CEF--2018-02-10T12:00:33-05:00--0|AlgoSec|FireFlow|v6.11.420-b159|Log|Log|0|' | /usr/share/logstash/bin/logstash -f test.conf

I get

       "message" => "local0--info--AFA-STE--CEF--2018-02-10T12:00:33-05:00--0 AlgoSec FireFlow v6.11.420-b159 Log Log 0 "

system · March 13, 2018, 9:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help needed for reading Logs Logstash	10	1015	December 16, 2016
Gsub not working Logstash	11	2266	October 10, 2017
Remove charactes with gstug Logstash	1	216	July 5, 2019
Logstash mutate gsub replace json key Logstash	2	1043	August 7, 2019
Remove opening and closing parenthesis using gsub Logstash	7	322	November 18, 2022

Gsub not working to remove | (vertical bar/piper)

Related topics