How can split discovery message field?

abu.sayeed · August 27, 2017, 9:37am

Again I change logstash filter.conf

filter {
grok {
match => { "message" => "@timestamp:%{DATA:ts} host:%{DATA:host} source:%{DATA:source} operator:%{DATA:operator} message:[%{DATA:level}] status => %{DATA:what} | client : [%{DATA:client}] " }
}
mutate {
remove_field => [ "type", "tags", "input_type", "@version", "beat", "offset"]
}
}

discovery logs:
@timestamp: August 27th 2017, 15:33:50.603
t host: vNTDACLSnTALK01
t message: log-level : [INFO ], status : [FAIL], client : [IPDC], cell : [1746710009], message_delivery_time : [2017-08-14 09:46:27,807], operator: [ROBI]
t source: /home/local/group/nazdaq/logs/naztech.log

but don't show field:

status
client
operator
message-delivery-time

So I need help
Thanks

Topic		Replies	Views
Is it possible to split discovery message field? Kibana	3	2300	September 10, 2017
Split problem in logstash Logstash	3	481	September 7, 2017
Logstash filter customize Logstash	2	426	September 11, 2017
How to split log data into message fields when we have dynamic logs Logstash	5	2385	July 3, 2020
Split Logfiles Logstash	4	252	July 26, 2018

How can split discovery message field?

Related topics