Hi everyone :
I am new to learn ELK, then I'm challenges in using kv filter now.
Let me make it brief, the following is one part of my dataset:
s1Label=Rule cs2Label=URL Category cs3Label=Virtual System
then my configure is
filter {
kv{
field_split=>" "
value_split=>"=" }
the result I got was
"s1Label":"Rule"
"cs2Label":"URL"
"cs3Label":"Virtual"
How can I get the values including space and set field_split=>" " at same time ?
Or is there any other filter to do that except grok , because all data is not arranged in order.
Anyway, I want data to separarate key, value as mentioned below by kv filter
"s1Label":"Rule"
"cs2Label":"URL Category"
"cs3Label":"Virtual System"
Please help me or give me some ideas for it, I'll appreciate. Thank a lot !