Help to create new field from message

Panplumousse · March 2, 2022, 1:58pm

Hello every body,

I m looking for a way (maybe with grok, probably with grok ), to create new field by extracting some specifique pattern but with keeping the field message without modification after operation

Example:
2022-03-02 13:16:49.199 DEBUG --- [ool-2-thread-34] c.i.c.b.u.s.CommonSlackService : SR-MODIFY-DISK:jjcb SRID:631221 ServiceTask_1gqecng:e25 [SLACK] Sending message: FATAL Error! Processing of SR-MODIFY-DISK for businessKey SRID:631221 For more details, follow this lin

Need to create new field SRID with value 631221

thx a lot for help

Badger · March 2, 2022, 6:25pm

Try

grok { match => { "message" => "SRID:%{NUMBER:SRID}" } }

Panplumousse · March 3, 2022, 12:36pm

Thx you it works

system · March 31, 2022, 12:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help to create new field from message Logstash	2	312	February 20, 2023
How to fetch specific data from message text and add it in new field Elasticsearch	1	402	February 7, 2019
Add new field from message Logstash	6	941	September 18, 2019
Logstash filtering Logstash	1	156	August 29, 2023
Unable to create a new Field in Logstash ElasticSearch please help Logstash	1	176	August 30, 2023

Help to create new field from message

Related Topics