If your log always has pairs of those two lines you could do something like this.
You would need to grok the fields you want and, for the hostname, stash that in a class variable in the first ruby filter.