How to remove date and time in message

Roccof97 · January 13, 2022, 1:42pm

Hi,

how can i remove the date and time from the message field? and above all is it possible?
example screen shot:

Tomo_M · January 13, 2022, 2:38pm

I suppose it is possible using grok filter plugin with logstash while ingestion.

Roccof97 · January 13, 2022, 2:45pm

i'm already using the grock filter but i can't figure out how to remove the date from the message i tried the gsub function but i didn't succeed here is the example:

if [fields][log_type] == "maillog" {
grok {
break_on_match => false
match => { "message" => "%{SYSLOGTIMESTAMP:timestamp}" }
}
date { match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
mutate {

   gsub => ["message", "\d{3} \d{2} \d{2}:\d{2}:\d{2}", ""]

}

leandrojmp · January 13, 2022, 2:59pm

You can use the dissect filter to parse your original message field and override it with everything else except the date.

     dissect {
         mapping => {
             "message" => "%{} %{} %{}:%{}:%{} %{message}"
         }
     }

This will transform any message with the format:

MMM dd HH:mm:ss some text from your message

Into

some text from your message

For example, Jan 13 14:59:30 sample text will become sample text.

system · February 10, 2022, 3:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - filter message Logstash	3	232	April 23, 2020
Strugging with the date filter Logstash	3	531	July 25, 2018
Remove message and replace timestamp fields Logstash	3	268	April 29, 2020
Extract date and time from message field into a dedicated field Logstash	4	872	October 16, 2019
Remove message on filter before inserting in ES Logstash	4	6201	July 6, 2017

How to remove date and time in message

Related topics