Logstash aggregate filter plugin

Hi Everyone,

I have a log file to parse as below:

    INFO - ID1 - 2019/01/01
    INFO - ID2
    Other logs 2019/01/02
    INFO - ID3 - 2019/01/03

How can I use the Aggregate Filter plugin to produce the output below?

    ID1 2019/01/01
    ID2 2019/01/02
    ID3 2019/01/03

Thanks

Any idea or suggestion?

You could try doing it in ruby

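    # Lines that start with INFO carry an id: extract it into [id].
    if [message] =~ /^INFO/ {
        grok { match => { "message" => "INFO - %{WORD:id}" } }
    }
    # Remember the most recent id in an instance variable of the filter;
    # events without an id inherit the last one seen.
    ruby {
        code => '
            id = event.get("id")
            if id
                @id = id
            else
                event.set("id", @id)
            end
        '
    }
    # Keep only events that end in a yyyy/mm/dd date and capture it in [date];
    # everything else is dropped.
    if [message] =~ /[0-9]{4}\/[0-9]{2}\/[0-9]{2}$/ {
        grok { match => { "message" => "(?<date>[0-9]{4}\/[0-9]{2}\/[0-9]{2})$" } }
    } else {
        drop {}
    }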
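The carry-forward logic of the answer above, as a stand-alone Ruby simulation that can be run outside Logstash to check the correlation on sample lines. This is an added example, not code from the thread; `correlate`, `ID_RE`, `DATE_RE` and `SAMPLE` are hypothetical names, and the regular expressions are plain-Ruby stand-ins for the grok patterns.

```ruby
# Added example: simulates the filter chain on an ordered list of lines.
ID_RE   = /\AINFO - (\w+)/            # stand-in for grok "INFO - %{WORD:id}"
DATE_RE = %r{(\d{4}/\d{2}/\d{2})\z}   # stand-in for the trailing-date grok

# Returns one [id, date] pair for every line that ends in a date.
# The last id seen is carried forward, like @id in the ruby filter.
def correlate(lines)
  last_id = nil
  lines.each_with_object([]) do |raw, out|
    line = raw.chomp
    if (m = ID_RE.match(line))
      last_id = m[1]                  # line carries its own id: remember it
    end
    date = DATE_RE.match(line)
    next unless date                  # equivalent of drop {}
    out << [last_id, date[1]]         # id is nil if no INFO line came first
  end
end

# Constructed sample: the four lines from the question.
SAMPLE = [
  "INFO - ID1 - 2019/01/01",
  "INFO - ID2",
  "Other logs 2019/01/02",
  "INFO - ID3 - 2019/01/03"
].freeze

if __FILE__ == $PROGRAM_NAME
  correlate(SAMPLE).each { |id, date| puts "#{id} #{date}" }

  # The same lines with the second and third swapped: the date line is now
  # attributed to ID1, so the result is only correct when order is preserved.
  swapped = [SAMPLE[0], SAMPLE[2], SAMPLE[1], SAMPLE[3]]
  correlate(swapped).each { |id, date| puts "out of order: #{id} #{date}" }
end
```

Because the id is shared state across events, the correlation is only as reliable as the event order; a reordered stream silently attaches a date to the wrong id instead of failing.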

Thank you so much Badger! It works like a charm!
