KV filter problem with value_split

DanV · May 28, 2018, 2:16am

Hello,

i'm using the kv filter to parse a log, especially field named User that has a string value of:

                User Name: Daniel Venzi

the kv filter is in the format:

             kv {
                         source => "User"
                         value_split => ":"
                  }

as a result i create a key named "Name" with an associated value of "Daniel". But that's not what i need. I want to use the kv filter in way that everything before the value_split is a key and the string after the value_split is the key associated value. Something like:

            "User Name" => "Daniel Venzi"

is there a way to do this?

Thanks in advance!

Badger · May 28, 2018, 2:02pm

You need to set field split to something other than the default, which is space. If, for example, you set field_split => "/" you would get what you want.

system · June 25, 2018, 2:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fields splitting from kv filter not containing blank values Logstash	3	383	January 9, 2020
Strange behaviour kv field_split Logstash	5	853	April 8, 2020
Use kv filter on newline & return split pattern Logstash	3	1081	October 28, 2020
Kv filter's behavior when square brackets in log data Logstash	2	1178	August 18, 2017
How to get kv filter to ignore value_split in data Logstash	3	1645	February 14, 2018

KV filter problem with value_split

Related Topics