Hi Team,
I am using KV filter for my log statement , sample log statement
[INFO]|logtype:SYSLOG|datetime:2019-02-20T16:59:55.045+0530|hostname:ABCD|threadId:87-pool-3-thread-8(main)|userId:null|payload:<?xml version="1.0" encoding="UTF-8"?>KeyWords="|ABCD:XYZ:ABCD:2|EF:KL:UV:2
I don't want to split in side payload field(Example : |ABCD:XYZ:ABCD:2|EF:KL:UV:2") , could you please suggest me how can we achieve this .
Thanks in advance.
Use grok to capture it separately, and mutate+gsub to remove it.
grok { match => { "message" => [ 'KeyWords="%{GREEDYDATA:keywords}' ] } }
mutate { gsub => [ "message", 'KeyWords=".*', '' ] }Thanks for the response..
But its not working, its not replacing .
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.