Logstash filter - get field?

stefansaye · April 11, 2016, 3:52am

I've got log lines in the following format and want to extract fields:

{
"message" => "...",
"@version" => "1",
"@timestamp" => "2014-07-07T08:49:28.543Z",
"host" => "abc",
"field1" => "content1",
"field2" => "content2",
"field3" => "content3"
}
I neither know the field names, nor the number of fields.

i only want to get the "message"、"@version"、"@timestamp"、"host"、 "field1" and the content of these fields that i want , the output looks like as follows,

"message" => "...",
"@version" => "1",
"@timestamp" => "2014-07-07T08:49:28.543Z",
"host" => "abc",
"field1" => "content1"

Kindly help me to get required output.

warkolm · April 11, 2016, 3:56am

Have you seen https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html?

magnusbaeck · April 11, 2016, 5:46am

Did you look at the prune filter?

stefansaye · April 11, 2016, 7:59am

i can get these field and content as follows,
"message" => "...",
"@version" => "1",
"@timestamp" => "2014-07-07T08:49:28.543Z",
"host" => "abc",

but I neither know the field1 names, nor the number of fields.
the field1 is just an example
i want to get the field that count from the message beginning of the number of sixth .

magnusbaeck · April 11, 2016, 8:11am

So this is the exact same problem as in the other thread? Then I suggest we keep it in one thread and close this one.

warkolm · April 11, 2016, 8:24am

Good point, let's keep it in here - How to remove dynamical field?