I have a log file with each line being a long string (each being very similar). An example line is = "12345555678890,1234567890ABBCCDDEEFFGG123456789GGFFFEEDDCCBBAA" All I want is the numbers in between the two G's. Those numbers are always at the same index, can I get that part of the string by index somehow?
Sorry if this is a very easy question, I just started using logstash and really unfamiliar with it.
PS, if you know how to manipulate the taken string and rearrange the characters as well, much would be appreciated! Thank you!!
Try
grok { match => { "message" => "GG%{NUMBER:someField:int}GG" } }Thanks this helped! But for some reason the int field in the middle starts with a 0 so it wasn't captured in the "somefield"
Also, if the field was FFFFFFFFFFFF07123456678997F8FFF, how can i get the num with 8 included that's between the two F's. I would like to have it as the same field as the first part.
To capture the leading zero you could change it to
grok { match => { "message" => "GG(?<someField>[0-9]+)GG" } }
For the other string what substring do you want to extract?
I want to be able to extract the "07123456678997F8" without the F in "1234564675FFFFFFFFFFFF07123456678997F8FFF"
But thank you so much for the help! 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.