Kv filter value is not always correctly extracted using value_split_pattern

Elastic Stack Logstash
1

Hello,

I have a problem extracting values using kv filter. I would like to extract the values which are seperated from key by the spaces or by the equal signs. My configuration looks like that:

		kv {
			include_keys => [ "key1", "key2", "key3", "key4"]
			include_brackets => true
			source => "message"
			value_split_pattern => "\s=?\s?"
		}

The key value pairs like:

key1 <value1>
key2 = value2

Are correctly extracted in the elasticsearch but the value like:

key3 = <value3>

Are not extracted at all. I expected it to be extracted without the angle brackets, as include_brackets option is set to true.

Is there some problem with the configuration I am not aware of or is it a problem with kv filter?

2

Hi,

I am trying to replicate your problem and I can not find the issue, which version of logstash are you using?

Logstash version 6.4.2 works just fine with this kv configuration.

3

Hi,
Thanks for your reply. I used Logstash 6.4.0 for that task - I'll check with 6.4.2 and I'll be back with the answer if the problem still exists or not.

4

kv filter works fine with logstash 6.4.2 - the issue must have been fixed halfway from 6.4.0.

5

Great, glad to hear that the problem was solved. :slight_smile:

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.