Logstash : Filter column values in a log

Moulika_Magatapalli1 · December 21, 2018, 2:45pm

Hi , I am using Logstash to parse and filter the data. The input data looks something like this:

Nov 28 23:00:31   Phase 0 ended (4 seconds)
                        X Time    X/S    X/SK S/C
                           0.140 [  : 1]   0% TEXT
                           0.270 [  : 1]   0% TEXT
                           0.080 [  : 1]   0% TEXT
--------------------------------------------------------------------------------
               B/W            R/W      S/R               SF            V    P/W
              
               0               0      [: : 0]          7535996       text   text                                       
               0               3      [: : 0]          7535996       text   text 
               1235            2      [: : 0]          7535996       text   text 
			   out             0      [: : 0]          7535996       text   text
               0               0      [: : 0]          7535996       text   text 			 
-----------------------------------------------------------------------------------

I want to access R/W column values. Can anyone help me solving the problem ?

NerdSec · December 24, 2018, 5:56am

What is the data that you need from this? And how are you consuming this?

Moulika_Magatapalli1 · December 24, 2018, 6:11am

In the above sample log, there is a column R/W. I want the sum of R/w column.

NerdSec · December 24, 2018, 10:23am

And how is this data coming? Is it possible to filter out the remaining data from the file?

If you can filter it out, you can use dissect or kv to easily parse the data.

Regards,
Nachiket

Moulika_Magatapalli1 · December 26, 2018, 6:30am

Thank you for the response. It was quite helpful but it couldn't solve my problem. In my case it is unable to detect the pattern. This is how my dissect is :
dissect { mapping => { "message" => "%{B/W} %{R/W} %{S/R} %{SF} %{V} %{P/W}" } }

NerdSec · December 27, 2018, 7:35am

How did you filter out the data that was not needed? Please post the solution if you don't mind, it will probably help others in the future.

From the sample logs, it looks like there are multiple delimiters in your input data. The dissect pattern does not account for multiple consecutive delimiters. Try using the following kind of pattern. More information is available in the docs.

%{BW->} %{RW->} %{SR->} %{SF->} %{V->} %{P/W}

system · January 24, 2019, 7:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to Parse logfile with columns informations Logstash	8	601	August 30, 2018
Parsing logs from text file using using logstash Logstash	2	958	November 15, 2021
Logstash Filter help - Newbie question Logstash	6	315	February 17, 2022
Parsing Text file with Pipe(\|) separated fields Logstash	3	2977	April 3, 2019
CSV Filter Logstash	1	498	December 8, 2017

Logstash : Filter column values in a log

Related topics