How to eliminate square brackets in the parsed logs

The pattern is : match => { "message" => "%{SYSLOG5424SD:time}%{SYSLOG5424SD:level}%{SYSLOG5424SD:message} %{SYSLOG5424SD:node} realm %{SYSLOG5424SD} authenticated user %{SYSLOG5424SD:user}, with roles %{SYSLOG5424SD:role}" }

And the parsed output is [2020-09-14T09:28:05,343][DEBUG][o.e.x.s.a.e.NativeRealm ] [cle-data-0] realm [native1] authenticated user [logstash_admin_user], with roles [[logstash_admin, logstash_system, superuser]], [o.e.x.s.a.e.NativeRealm ]

How can I eliminate the square brackets in the output?

Use mutate+gsub. Something like

mutate { gsub => [ "message", "[\[\]]", "" ] }

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.