Below is the Input log to the logstash ..How to parse this ..How to ignore spaces & special character ":" ..Can anyone provide some tips please ..
Log
Name: n01firewall_fw01-vsx,Security Policy: fw01-active-14MAR2018,Connections number: 0,Connections peak: 228,Connections limit: 14900,Accelerator Status : on
Requirement
"Name" : "n01firewall_fw01-vsx"
"Security Policy" : "fw01-active-14MAR2018"
"Connections number" : 0
"Connections peak" : 228
"Connections limit : 14900
Fixed .
Name:\s*%{DATA:hostname},Security Policy:\s*%{DATA:Policy},Connections number:\s*%{INT:connection_count},Connections peak:\s*%{INT:connection_peak},Connections limit:\s*%{INT:connection_limit},Accelerator Status :\s*%{WORD:accleration_status},Accept Templates :\s*%{DATA:accept_template},Cluster Status:\s*%{WORD:cluster_status}
Don't use a grok filter for this, and especially not with repeated inefficient DATA patterns. Just use a kv filter.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.