How to remove quotation marks

andre22 · March 16, 2017, 6:35pm

Hi,

the logs I am trying to parse contain some fields in quotation marks:

2016-11-01 00:27:17.034 "157.55.39.145" - ....

What I am trying is the following:

grok {
  match => { "message" => "\A%{TIMESTAMP_ISO8601:eventtime} %{QUOTEDSTRING:c-IP-QS}...
  match => { "c-IP-QS" => """%{IPORHOST:c-IP}""" }

I tried several ways to escape the quotation marks, without success.

'"
"\"
"""

How do I get rid of them?

Thanks a lot!

andre22 · March 16, 2017, 6:57pm

system · April 13, 2017, 6:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok QS includes quotes, how can I remove them? Logstash	3	9203	May 11, 2017
Mutate filter a word between quotes Logstash	4	489	May 2, 2019
Is there any method to parse json without quotations, kind of file in logstash Logstash	6	1081	July 6, 2017
Grok patterns with quotation marks Logstash	18	6542	June 15, 2021
Quotes in Grok Logstash	3	709	July 6, 2017