Help on case sensitive kv plugin


(Brian) #1

Im using the kv plugin to extract some values from syslog messages such as From, to, call-ID, etc. Problem is that some logs come in capitalized and others don't and from what I can tell kv are case sensitive, any suggestions to solve this? here is the section of the code im using now

  kv{
	include_keys => ["Contact", "To", "From", "Call-ID"]                           # take syslog_message & look for keyvalues followed by ":" and parce them out
	source => "syslog_message"
	value_split => ":"
  }

(Magnus Bäck) #2

Can't you just list both "Call-ID" and "call-ID" in include_keys?


(Brian) #3

but when I do a search I would have to do two searches which is not ideal


(Magnus Bäck) #4

Sure, but you could rename the fields after the kv filter so the naming is consistent.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.