Logstash KV plugin working

Hi,

I am trying to use logstash's KV plugin. I have following log format:
time taken for transfer for all files in seconds=23 transfer start time= 201708030959 transfer end time = 201708030959

My .conf file has following KV plugin:
filter {
kv {
value_split => "="
}
}

When I run logstash, it parses complete log file line by line excluding the one having "=". I need seconds, start time and end time to be separated as key value pairs. Please suggest.

I have used kv as well, and what i did is, i used mutate gsub the key into one word
example :
Here, i remove all the spaces, so that it will become key=value
transfer start time = transfer_start_time
transfer end time = transfer_end_time

then do kv filter.

Hope this helps.

Thanks, I will try this.

Hi,

I could parse all the data and could see that in Kibana. But for "time" key, it combines both the values in a single field. Like time = "201708030959 ,201708030959". Which seems to be correct as per default implementation.

I need both the timings as separate fields like "start time = 201708030959" and "end time=201708030959". So, that I can use them separately. You mentioned to use gsub to make new field from available one. Can you please show how exactly we can do that?

Thanks,

Hi,

Can you please provide an example of it to combine the field?

Thanks,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.