Logstash filter customize

abu.sayeed · August 14, 2017, 5:10am

my data type:

I need discovery available field
Host:
status:
client:
operator:
message_delivery_time:

how can I write logstash filter?
Please anybody help me
thanks

magnusbaeck · August 14, 2017, 5:28am

You have two options:

Use a grok filter to extract all the fields you're interested in. If you don't know regular expressions you can get help from the grok constructor web site.
Use a grok filter to separate "[INFO] status => fail" from the rest of the string, which is instead passed to a kv filter.

The latter is more flexible and tolerant against changes in the log message.

Topic		Replies	Views
Split problem in logstash Logstash	3	493	September 7, 2017
How can split discovery message field? Beats filebeat	8	5335	September 25, 2017
Logstash filter file don't work Logstash	4	572	November 21, 2017
Grok Syntax Logstash	2	257	October 19, 2020
Grok filter issue with data on Logstah config Logstash	4	350	June 7, 2019