Logstash gsub filter with special characters not working

Elastic Stack Logstash
1

hello all,

I am currently running logstash 6.x with ES 6.x and i am trying to leverage logstash to parse through the data and using mutate and gsub filters

i have a syslog_msg in the current format :slight_smile:

example(): {"token”:”sdssfsfsfs”,”expires":"2018-04-27T08:01:22.405Z"}

i am trying to leverage gsub filter to remove example from this string so that it's a json struct to do further conversion to grab token and expiration fields

here is my filter conf :slight_smile:

filter {

if [logsource] =~ "example-service" {

mutate {
  gsub => [ "syslog_msg" , "example():" , ""]
}
json {
  source => "syslog_msg"
  target => "parsedJsonmsg"
  tag_on_failure => ["_jsonparsefailure"]
  }

}
}

any help appreciated i have tried multiple combinations of example() and trying to see if there is a better way to do this

thanks
CHakri

2

Parentheses have a special meaning in regexps so you need to escape them. You should also start the expression with ^ so it only matches at the beginning of the line.

3

thanks so much.it worked like a charm :slight_smile:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.