How to include %{} variable in the gsub

(darshan) #1

I am new to Logstash, and I am stuck parsing some antivirus logs.
Can anyone please tell me how to use a dynamic variable like %{} in the gsub to replace?

Thank you


(Magnus Bäck) #2

That should work just fine. Please show us what you've tried, what happens, and what you expected should've happened. Are you sure the field you're trying to use actually exists?

(darshan) #3

11/24/2015 12:46:45 PM "F:\sysusb\usbdur.exe" "BackDoor-EGK" "2"
11/24/2015 12:46:57 PM "F:\e9naq.exe" "" "2"
11/24/2015 12:47:03 PM Total objects scanned: 1298
11/24/2015 12:47:03 PM
I need to match %{DATE} %{TIME} (AM|PM)

Thank You


(Magnus Bäck) #4

What do you mean? You want to extract the date and time from the message? Or replace them?

(darshan) #5

I want to replace them

(darshan) #6

@magnusbaeck Please help me regarding this problem. How can I replace the date and time field from the above log?

Thank you.

(Magnus Bäck) #7

You are giving too few details. What do you want to replace the date and time with? If you give an example of an original log line and how you want it transformed it'll be much easier to understand what you're trying to accomplish.

(darshan) #8

Thank you @magnus, I solved that problem.
