I am looking for a filter to filter out based on the words in a log message. For example,
Log messages - "This is a test message from server hosted in AWS" and "This is a test message coming from server hosted in AWS"
Requirement - New field with value "test message from server" and "test message coming from server". That is, filter out the content between the words "test" and "server" and put it into a new field.
I tried grok and dissect filter, but neither met my requirements.
Thank you for your prompt response, Rios. Could you please explain how to use that grok filter to filter out messages that contain two known words?
2022-06-23T07:13:08.091Z ERROR controllers.IPpool TEST-ERROR - IP inconsistency detected {"namespace": "smoke-test", "name": "ip-out-of-range-test-ingress", "host": "ip-out-of-range-test.kubernetes-test.example.com", "frontend-ip": "0.0.0.0", "error": "Assigned IP outside of pool range."}
github.com/go-logr/zapr.(*zapLogger).Error
/go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
I need to move the content between "TEST-ERROR" and "go-logr · GitHub" to a new field, regardless of what comes before or after that. This is how the new field should look:
IP inconsistency detected {"namespace": "smoke-test", "name": "ip-out-of-range-test-ingress", "host": "ip-out-of-range-test.kubernetes-test.example.com", "frontend-ip": "0.0.0.0", "error": "Assigned IP outside of pool range."}
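One way to do the extraction asked about above, as an added example that is not part of the original posts: a non-greedy named capture between the two markers, with multiline matching so the end marker can sit on the following stack-trace line. The function name, the `inclusive` option and the end marker `github.com/go-logr` (taken from the stack line of the sample) are assumptions.

```ruby
# Added example: capture the text between two known markers in a log message.
# Grok uses the same regex family (Oniguruma), so a roughly equivalent grok
# named capture would be (field name "error_detail" is hypothetical):
#   (?m)TEST-ERROR - (?<error_detail>.*?)\s*github\.com/go-logr

# Sample event from the post (column separators assumed to be single spaces).
SAMPLE_EVENT = <<~'LOG'
  2022-06-23T07:13:08.091Z ERROR controllers.IPpool TEST-ERROR - IP inconsistency detected {"namespace": "smoke-test", "name": "ip-out-of-range-test-ingress", "host": "ip-out-of-range-test.kubernetes-test.example.com", "frontend-ip": "0.0.0.0", "error": "Assigned IP outside of pool range."}
  github.com/go-logr/zapr.(*zapLogger).Error
  /go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
LOG

# Returns the text between start_marker and end_marker, or nil when either
# marker is missing. Markers are regex-escaped so "." or "(" match literally.
# inclusive: true keeps the markers in the result (first question on the page);
# inclusive: false drops them and trims surrounding whitespace (second one).
def extract_between(message, start_marker, end_marker, inclusive: false)
  s = Regexp.escape(start_marker)
  e = Regexp.escape(end_marker)
  pattern = if inclusive
              /(?<field>#{s}.*?#{e})/m
            else
              # .*? stops at the FIRST end marker; /m lets "." cross newlines.
              /#{s}\s*(?<field>.*?)\s*#{e}/m
            end
  match = pattern.match(message)
  match && match[:field]
end

if __FILE__ == $PROGRAM_NAME
  puts extract_between("This is a test message from server hosted in AWS",
                       "test", "server", inclusive: true)
  puts extract_between(SAMPLE_EVENT, "TEST-ERROR - ", "github.com/go-logr")
end
```

The non-greedy `.*?` matters here: a greedy `.*` would run to the last `github.com/go-logr` in the stack trace and pull the trace lines into the field.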