How to grok parse a pipe | delimited string of key-value pairs (sorta like FIX)

kmiklas · August 6, 2019, 5:46pm

Hello All,

I need to grok a pipe-delimited string of values in a grok line; for example:

What is the easiest way to do this? Some ideas I had:

Some sort of grok split
Custom Python parser. Filebeat strips off the log line, and forwards it to a Python script for processing
Editing the source for Filebeat, looking for lines that contain strings like this, and parse them directly in Go
Using the logstash-filter-fix_protocol on Github as a guide:
https://github.com/connamara/logstash-filter-fix_protocol

Any guidance is appreciated.

Thanks,
Keith

Christian_Dahlqvist · August 6, 2019, 5:49pm

I would use a kv filter.

system · September 3, 2019, 5:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.