Hi Team,
I am trying to add a field but not getting expected result please assist, surely i am overlooking something. It's logstash-2.3.2-1
grok{
match => ["message", "%{WORD:appname}"]
}
mutate {
add_field => { "ApplicationName" => "%{appname}" }
}
========
appname=Testing123
I am expecting "ApplicationName" = Testing123 but i am getting:
"ApplicationName" => "%{appname}"
Thanks & Regards,
I just tried with logstash 2.3.2 and your configuration, and it works just fine.
Are you really sure appname field is filled ? Are you sure that appcase field has this case (not Appcase for example)
I invite you to use this output to debug your problem :
output {
stdout { codec => rubydebug }
}Perhaps this is just a simplified example, but why not capture the string directly into the ApplicationName field instead of using appname and copying that string to ApplicationName?
Appname wasn't blank and i was looking at rubydebug only. And Appname, i am trying to retrieve from given URL, so it was like that.
I tested this scenario just now and i got my result, here is update:
tested with:
mutate {
add_field => { "testrun" => "%{testrun}" }
add_field => { "critical" => "%{critical}" }
}
Below is console output of rubydebug: [ This created my confusion, i don't know why i am getting this output where i was expecting "testrun" = 0]
"testrun" => "%{testrun}",
"critical" => "%{critical}",
where as elasticsearch is showing testrun as a field. [my expectation] and 0 as value
add_field => { "testrun" => "%{testrun}" }
I don't get it. What is this supposed to do? You're assigning a field to itself which doesn't strike me as a very useful operation. What does an event look like without the mutate filter above?
source of testrun:
grok {
match => {"message" => "Tests run: %{INT:testrun}"}
}
i am trying to create a field "testrun" where i will be inserting value of tests executed during a build.
I repeat: What does an event look like without the mutate filter above?
In other words, what does your Logstash's input look like?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.