Logtash copy one field to another in a different log

tegerei · February 1, 2023, 12:39pm

Hello,
I have the following sample log.

Feb  1 15:30:49  sudo: pam_unix(sudo-i:auth): authentication failure; logname= uid=10050 euid=0 tty=/dev/pts/2   user=test



Feb  1 15:30:50  sudo: pam_sss(sudo-i:auth): authentication success; logname= uid=10050 euid=0 tty=/dev/pts/2

I am using elapsed logstash filter to calculate the time difference. I have it working, however I need the second log to have the field user=test as in first log so that I can use the field in Kibana Visualization.
Any ideas on how this can be achieved?
Thank you.

system · March 1, 2023, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Copying @timestamp in custom field not working Logstash	5	1894	July 6, 2017
Copy Field from a new processed document to an old Document Logstash	1	251	November 1, 2020
Mapping a Data in a log to another Field Logstash	2	291	May 13, 2021
Using field value from one filter logstash to another field Logstash	2	1346	November 19, 2019
Copy value of @timestamp to another field Beats filebeat	5	883	October 20, 2021

Logtash copy one field to another in a different log

Related Topics