KV filter not splitting log

My config file is below. It's not splitting the log read by grok.

input {
  file {
    path => "/log/ForwardTrafficLog.log"
    start_position => "beginning"
  }
}

filter {

  grok {
    match => {
      "message" => ["%{GREEDYDATA:syslog}$"]
    }
  }
   
   kv {
       source => "syslog"
       field_split => " (?=[a-z\\_\\-]+=)"
       value_split => "="
       prefix => "log."
       trim_value => "\""
   }
}


output {
  stdout { codec => rubydebug }
}

My log is below:

date=2020-04-23 time=12:14:28 devname="firewall3" devid="oldfwid" logid="0000000013" vwlquality="Seq_num(3), alive, selected" wanin=1130
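
An added example in plain Ruby (not the poster's code and not the Logstash plugin's code): it applies the lookahead split from the config to the sample line above, then compares it with a quote-aware scan on a constructed line whose quoted value contains `key=value` text. In the kv filter itself, `field_split` is documented as a set of single-character delimiters and a regex goes in `field_split_pattern`; the names `parse_lookahead`, `parse_quote_aware` and `TRICKY` are assumptions made for this example.

```ruby
# The sample line from the post.
SAMPLE = 'date=2020-04-23 time=12:14:28 devname="firewall3" devid="oldfwid" ' \
         'logid="0000000013" vwlquality="Seq_num(3), alive, selected" wanin=1130'

# Constructed line: a quoted value that itself contains key=value text.
TRICKY = 'devname="fw1" msg="login failed user=admin action=accept" action=deny'

# Same idea as the config's regex: split on a space only when the next
# token looks like `key=`.
FIELD_SPLIT = / (?=[a-z_-]+=)/

# key= at start of line or after whitespace, then a quoted or bare value.
PAIR = /(?<!\S)([a-z_-]+)=("[^"]*"|\S*)/

def trim_quotes(value)
  value.gsub(/\A"+|"+\z/, "")   # like trim_value => "\""
end

# Lookahead split: handles spaces and commas inside quotes, but is not
# aware of the quotes themselves.
def parse_lookahead(line, prefix: "log.")
  line.strip.split(FIELD_SPLIT).each_with_object({}) do |pair, out|
    key, value = pair.split("=", 2)
    next if key.nil? || key.empty? || value.nil?   # token without key=value
    out[prefix + key] = trim_quotes(value)
  end
end

# Quote-aware scan: a quoted value is consumed whole, so text inside it
# can never become a separate field.
def parse_quote_aware(line, prefix: "log.")
  line.scan(PAIR).each_with_object({}) do |(key, value), out|
    out[prefix + key] = trim_quotes(value)
  end
end

if __FILE__ == $PROGRAM_NAME
  require "pp"
  pp parse_lookahead(SAMPLE)     # seven log.* fields
  pp parse_lookahead(TRICKY)     # log.user appears out of the msg text
  pp parse_quote_aware(TRICKY)   # msg kept whole, action is "deny"
end
```

On the sample line both parsers agree; on the constructed line only the quote-aware scan keeps `msg` intact, which matters when log values can carry attacker-influenced text.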
