Logstash: If message contains regex add field

jasdf · May 23, 2017, 11:36am

Hello,

within my Logstash config I'm searching for a regex pattern. If a logfile is found which matches the regex a new field should be added with the found pattern.
The if statement is working but I don't know how to save the exact pattern to a new field. This is my code at the moment:

input {
  stdin { }
}

filter {
  if [message] =~ "[0-9|A-Z]{11}" {
    mutate {
      add_field => {"message-id" => "found pattern from above" }
    }
  }

output {
  stdout { codec => rubydebug }
}

system · June 20, 2017, 11:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding data to additional fields depending on the content of the message Logstash	2	1015	July 6, 2017
Logstash condition match Logstash	5	3475	July 6, 2017
Parsing a message after the pattern Logstash	4	453	March 30, 2017
Logstash if statement with regex example Logstash	7	18274	March 21, 2017
How to use conditional statement in Filter Logstash	5	2075	July 6, 2017

Logstash: If message contains regex add field

Related topics