KV filter in logstash 7.2.0 doesn't store a key having empty value

ritesh_singh · August 2, 2019, 6:48am

Hi
I am trying to parse a log in the following format

i am using KV filter plugin to get it done, but i am getting issue that the keys having no values are getting skipped and not getting parsed. Please help

i am using the following code :

grok{
match=>{
"message"=>"%{TIMESTAMP_ISO8601:dateTime}\s+{GREEDYDATA:CDR_Body}"
}
}
grok{
match=>{"dateTime" => "%{DATE:date} %{TIME:time}"}
}
kv{
source => "CDR_Body"
value_split => ":"
field_split => "|"
remove_field => ["dateTime"]
remove_field => ["message"]
}

Badger · August 2, 2019, 12:56pm

This is working as designed. (Looking at the test cases for the PR that introduced the 'whitespace' option they verify that empty fields are not captured.)

If you know what the fields are called you might be able to use the default_keys option to supply values for those fields.

system · August 30, 2019, 12:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kv filter: empty value after key yields strange behavior Logstash	7	2805	September 5, 2018
Fields splitting from kv filter not containing blank values Logstash	3	383	January 9, 2020
Kv filter with empty value Logstash	3	2300	July 6, 2017
KV filter to display null keys Logstash	2	657	October 5, 2018
KV Pair Filter with empty values - Logstash 6.2.3 Logstash	1	436	May 11, 2018

KV filter in logstash 7.2.0 doesn't store a key having empty value

Related topics