Logstash gsub filter with special characters not working

chakriv · May 8, 2018, 8:06pm

hello all,

I am currently running logstash 6.x with ES 6.x and i am trying to leverage logstash to parse through the data and using mutate and gsub filters

i have a syslog_msg in the current format

example(): {"token”:”sdssfsfsfs”,”expires":"2018-04-27T08:01:22.405Z"}

i am trying to leverage gsub filter to remove example from this string so that it's a json struct to do further conversion to grab token and expiration fields

here is my filter conf

filter {

if [logsource] =~ "example-service" {

mutate {
  gsub => [ "syslog_msg" , "example():" , ""]
}
json {
  source => "syslog_msg"
  target => "parsedJsonmsg"
  tag_on_failure => ["_jsonparsefailure"]
  }

}
}

any help appreciated i have tried multiple combinations of example() and trying to see if there is a better way to do this

thanks
CHakri

magnusbaeck · May 8, 2018, 8:17pm

Parentheses have a special meaning in regexps so you need to escape them. You should also start the expression with ^ so it only matches at the beginning of the line.

chakriv · May 8, 2018, 9:42pm

thanks so much.it worked like a charm

system · June 5, 2018, 9:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem to replace field string "\|" with mutate gsub filter Logstash	2	759	June 8, 2020
How to handle special characters (hex encoded) in logstash mutate or grok Logstash	7	293	March 14, 2024
How to replace 'special characters' with a logstash filter Logstash	3	43836	July 6, 2017
Replacing special characters with gsub Logstash	3	2784	April 29, 2020
How to gsub \ in json message Logstash	13	3655	July 15, 2019

Logstash gsub filter with special characters not working

Related Topics