Logstash split String

Thomas-cc · May 8, 2017, 2:39pm

Hallo all togehter,

i have build a new instance with icinga-beat->logstash->elasticsearch->kibana (all with the newest version)

Everything works fine, but i have a litte problem with split one string to an array.

The variable in want to split is "check_result.output" and an sample Output in Kibana would be "c:\ - total: 59.66 Gb - used: 47.92 Gb (80%) - free 11.73 Gb (20%) ". So now i want to split these string to an array (seperator should be "-")

I build up a new logstash.conf file with this filter:

filter {
mutate{
split => ["check_result.output", "-"]
add_field => {
"event" => "%{check_result.output[0]}"
"eventSource" => "%{check_result.output[2]}"
}
}

The new fileds get generated in the Kibana Dashboard, but the values from the array are not visible, it just shows: %{check_result.output[0]}

magnusbaeck · May 8, 2017, 2:47pm

The syntax for how the reference nested fields is described here: https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references

system · June 6, 2017, 7:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Mutate Split doesn't work Logstash	3	714	August 14, 2018
Split nested json array from log Logstash	13	3994	May 18, 2020
Split text field into array Logstash	2	856	November 20, 2017
Flatten the json array into field in filter of logstash Logstash	2	1825	July 11, 2018
Get the Value of an array, in the output config Logstash	4	1463	March 26, 2018

Logstash split String

Related topics