How can I split fields

mikygee · August 29, 2017, 12:18pm

Hello,

I have a field that looks like that
lists: list1 list2
The number of lists is not defined, here it's 2 but it can be 3 or 4

I'd like to create new fields with new values
lists1 => list1
lists2 => list2

Do you know how can I do that ?

The syslog message looks like this
IP.43.144.37: disconnected after 11 seconds. lists: blockliste spamliste
And I have a grok rule that retrieves "blockliste spamliste"

I would like to make statistics regarding spam lists: the spam list that bloc the most spam mails.

Regards

Mojster · August 29, 2017, 12:26pm

First of all I would suggest to split by " " using mutate.

For the second step, here's a topic over iteration:
Iteration in Logstash

mikygee · August 29, 2017, 3:52pm

Thank you for your answer, I will make some tests.

system · September 26, 2017, 4:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting a data field into two Elasticsearch	6	8614	July 12, 2017
Create fields by splitting a log Logstash	8	1226	April 2, 2020
Logstash split fields into new fields(field1, field2, field3, field4, field5) Logstash	15	746	March 22, 2018
Help splitting field into two Logstash	5	475	May 23, 2019
Split Logfiles Logstash	4	215	July 26, 2018

How can I split fields

Related topics