KV filter not splitting log

varun1992 · September 3, 2020, 12:36pm

My config file as below. It's not splitting log read by grok

input {
  file {
    path => "/log/ForwardTrafficLog.log"
    start_position => "beginning"
  }
}

filter {

 grok { 	
	 	match => {
 		   "message" => ["%{GREEDYDATA:syslog}$"]
	  	}
   }
   
   kv {
       source => "syslog"
       field_split => " (?=[a-z\\_\\-]+=)"
       value_split => "="
       prefix => "log."
       trim_value => "\""
   }
}


output {
  stdout { codec => rubydebug }
}

My log as below

date=2020-04-23 time=12:14:28 devname="firewall3" devid="oldfwid" logid="0000000013" vwlquality="Seq_num(3), alive, selected" wanin=1130

system · October 1, 2020, 12:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
KV plugin filter not working Logstash	5	880	June 27, 2018
KV filter not working Logstash	5	2272	June 28, 2017
Logstash km filter issue Logstash	2	341	October 30, 2018
Kv filter seems to be working Logstash	2	317	September 26, 2019
Question on kv filter Logstash	2	263	January 31, 2023

KV filter not splitting log

Related topics