but... nop, it doesn't work. Logstash no like it. There's this field with domain and username that comes out as domain\\username from the log message. Everything else is already working nicely, but when I uncomment that specific line...
In case you ever do need to do it (or someone's forum search gets a hit on your title) it is hard to get logstash to allow a backslash before the closing quote surrounding a string, so you represent each backslash using one occurrence of the character class that only includes backslash, then use a capture group in the replacement string
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.