How I can match and replace the log file data in Logstash

input {
  beats {
    port => 5044
  }
}
filter {
  grok {
    match => { 'message' => '%{DATESTAMP:time} %{LOGLEVEL:level} ' }
  }
  # mutate is a filter of its own; it cannot be nested inside the grok block
  mutate { add_tag => "string in field" }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

It's always a good idea to write what you are trying to achieve if you want help. This post does not say anything in regards to what you have tried or are trying to achieve. You say you want to replace something. Your filter has a grok, but you don't even include an example log line.

message : iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.4.1.8072.2.3.0.77
I have this message and I am not able to get any idea about how to replace this with any string.

You are still saying nothing about what you are trying to do.

mutate {
  gsub => [
    "message", "iso 1.78.1000.23", "time to check"
  ]
}

I am not able to replace the iso 1.78.1000.23 with time to check text, but I can replace it by one word text like cold.

Your example message does not contain the string you are trying to match. I would not expect the filter to do anything in that case.

It can be replaced by a single word but not by multiple words or a sentence.

Can you provide an example of a mutate filter that fails including the message that it fails to modify?

Above is the example of the mutate filter where it fails.

As I said, your example message does not contain the string you are trying to match, so I would not expect the filter to do anything in that case.

I just want to replace my one iso..... with the string

Solved, thanks.
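
The point made in the replies above, as an added example that is not part of the original thread: mutate's gsub treats its second element as a regular expression, so it only rewrites text that actually occurs in the field, and the replacement can be several words. The Ruby below imitates that with String#gsub; the helper `apply_gsub`, the event hash and the third sample string are assumptions made for illustration.

```ruby
# Added illustration: imitates how a Logstash `mutate { gsub => [...] }`
# rule list is applied. apply_gsub and the event hash are hypothetical
# stand-ins, not Logstash's own code.

# rules is a flat array of triples (field, pattern, replacement),
# the same layout the gsub option uses in the config file.
def apply_gsub(event, rules)
  result = event.dup
  rules.each_slice(3) do |field, pattern, replacement|
    value = result[field]
    next unless value.is_a?(String) # missing or non-string fields are skipped
    # The pattern is compiled as a regular expression, not matched literally.
    result[field] = value.gsub(Regexp.new(pattern), replacement)
  end
  result
end

# Message quoted in the thread.
EVENT = { "message" => "iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.4.1.8072.2.3.0.77" }.freeze

# OID that really occurs in that message.
OID = "iso.3.6.1.4.1.8072.2.3.0.77"

# 1. Pattern from the thread: that text is not in the message, so the
#    field comes back unchanged whatever the replacement is.
def unchanged
  apply_gsub(EVENT, ["message", "iso 1.78.1000.23", "time to check"])
end

# 2. Pattern built from the OID with its dots escaped, so each "."
#    matches only a literal dot. The multi-word replacement is applied.
def replaced
  apply_gsub(EVENT, ["message", Regexp.escape(OID), "time to check"])
end

# 3. Unescaped dots are wildcards: the raw OID used as a pattern also
#    rewrites a different string (constructed sample), which matters when
#    the rewritten field feeds alerting.
def overmatch
  apply_gsub({ "message" => "isoX3Y6Z1 4 1 8072-2-3-0-77" },
             ["message", OID, "time to check"])
end

puts unchanged["message"], replaced["message"], overmatch["message"]
```

In a Logstash config the escaped form of case 2 is written with a backslash before each dot in the pattern string.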
