Hi,
We can see there are different values for "partition" for the "XYZ" operation logs (logtype also same).
loglines are:
(1). 2023-01-05T20:46:21.36348538Z stdout F 2023-01-05 20:46:21.363 [INFO] - {"logtype":"ABC","operation":"XYZ","partition":,"topic":"INT_XXXX_TD"}
(2). 2023-01-05T20:38:26.998223061Z stdout F 2023-01-05 20:38:26.998 [INFO] - {"logtype":"ABC","operation":"XYZ","partition":[{"Topic":"INT_XXXX_RETRY","Partition":1,"Offset":-1111,"Metadata":null,"Error":null},{"Topic":"INT_XXXX_RETRY","Partition":0,"Offset":-1111,"Metadata":null,"Error":null}],"topic":"INT_XXXX_RETRY"}
(3) 2023-01-05T20:46:21.36312474Z stdout F 2023-01-05 20:46:21.362 [INFO] - {"logtype":"ABC","operation":"XYZ","partition":[{"Topic":"INT_XXXX_TD","Partition":0,"Offset":-1111,"Metadata":null,"Error":null}],"topic":"INT_XXXX_TD"}
In above 2 logs the "partition" value is not constant some times it is "null" and sometimes it is "Array". I need to drop "partition" value is "null" logs and only i need to get remaining logs (i.e log number 2 &3).Could you please guide me how to get "partition" as a field in kibana and which condition i need to mentioned in logstash config.