I cant set values in new fields

Jonny3 · January 14, 2020, 6:06am

I use grok to differentiate the content in each line of the log and mutate to create a new field and be able to assign those values but it doesn't work, write the configuration content literally.

I don't have compiling problems. I try the first one and the second and nothing change.

  grok {
    match => { 
      "message" => ["%{DATE:date} (?:(?:%{TIME:time})|(?:%{TIMEX:timex})) %{WORD} (?:(?:%{PROG:prog})|(?:%{PROGRAM:program})) (?:\(%{USERNAME:value}\)) (?:%{WORD:level}\:) %{GREEDYDATA:text}"] 
    }
    pattern_definitions => {
      "TIMEX" => "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECONDX})(?![0-9])"
      "SECONDX" => "(?:(?:[0-5]?[0-9]|60)(?:[:.,][x]+)?)"
      "PROGRAM" => "(?:%{PROG}\s\-\s%{PROG})"
    }
  }

  mutate {
        add_field => { "Host" => "%{value}" }
	add_field => { "Level" => "%{level}" }
	add_field => { "Text" => "%{text}" }
  }

Is something wrong?

Thanks

Jonny3 · January 14, 2020, 8:32am

I answer myself with this wonderful entry

That was my problem...

system · February 11, 2020, 8:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding new fields from grok filter in logstash Logstash	1	547	November 20, 2018
How to assign the extracted data from log file to new added fields Logstash	6	284	September 27, 2020
Reference a value from new added field within grok match setting Logstash	1	161	April 11, 2022
I want to add new field and replace the one of the existing field value to the newly added field Logstash	1	283	September 13, 2019
How to assign a new field a certain type and value? Logstash	3	16551	July 6, 2017

I cant set values in new fields

Related topics