Hi Elastic Team,
I need to filter of the field with \n as the delimiter in dissect filter.
Saw that logstash 6.0 has feature enabled.
config.support_escapes: true
The filter what I have written is as follows;
dissect {
mapping => {
balsdata => "%{}Privacy:%{Privacy:}\n%{}"
}
The above didn't work for me. Is it possible to do the above use case using dissect filter. If possible what is the changes to be made to filter.
Thanks
dorj1234
January 4, 2018, 4:09pm
2
I wonder if you found a solution to this issue. I am having a similar challenge using config.support_escapes: true
guyboertje
January 4, 2018, 5:14pm
3
You can use an actual newline but there is a bug about this.
input {
generator {
message => "<Sep 26, 2017 7:56:38:265 PM> <c60ea685-4f68-454d-b0b3-4b7279a19f1e-00000090> <Bte_NsketefJerlsw_Vlfsirb_1_1> <CidhoegLsi5hs: KFSDbpdgBrvkdhsny> <ndygkcvsdwifg> <mht> <qwe.rtyuio.aYre.qazxswedcvfrt.fvb.bo.MNBVzxcvLkjhgfdsa> <run>
<QWERTY: qwerty.qwerty.qwerty
qwerty
qwerty
qwerty
>"
count => 1
}
}
filter {
dissect {
mapping => {
message => '<%{time}> <%{data1}> <%{data2}> <%{data3}> <%{data4}> <%{data5}> <%{data6}> <%{data7}>
<%{data8}>%{rest}'
}
}
}
output {
stdout {
codec => rubydebug
}
}
notice the multiline single quoted string - for the message => '' line.https://github.com/logstash-plugins/logstash-filter-dissect/issues/47
Hi ,
First of all ,thank you for your response and apologies for delayed reply.
I tried dissect filter as you suggested but it didn't work. My filter is as below:
dissect {
mapping => {
balsdata => '%{}Privacy:%{Privacy:}
%{}'
and also I have made the below config change in logstash .yml:
config.support_escapes: true
Please suggest if I have to try it out in a different way.
Thanks
system
February 14, 2018, 10:39am
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.