Logstash filter customize

abu.sayeed · August 14, 2017, 5:10am

my data type:

I need discovery available field
Host:
status:
client:
operator:
message_delivery_time:

how can I write logstash filter?
Please anybody help me
thanks

magnusbaeck · August 14, 2017, 5:28am

You have two options:

Use a grok filter to extract all the fields you're interested in. If you don't know regular expressions you can get help from the grok constructor web site.
Use a grok filter to separate "[INFO] status => fail" from the rest of the string, which is instead passed to a kv filter.

The latter is more flexible and tolerant against changes in the log message.

system · September 11, 2017, 5:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Split problem in logstash Logstash	3	463	September 7, 2017
Logstash filter file don't work Logstash	4	535	November 21, 2017
Need Help on Logstash filter If-Else Condition Logstash	1	251	July 28, 2020
Quick Question on Grok and filtering Logstash	3	260	May 21, 2018
Logstash Grok Filter Issue Logstash	2	656	April 14, 2017