In the above picture you can see the message, the timestamp and the fields which are added by the grok pattern.
The grok pattern takes values from the message and adds them into fields (with the names set in grok).
Now you can see the values in the fields, but the values are also still in the message, and it doesn't make any sense.
I want to see only the message of the log in the message field.
For more detail, here is my grok pattern:
filter {
  if [fields][log_type] == "gbase" {
    if [level] in [ "Error", "Fatal" ] {
      grok { match => ["message", "%{DATESTAMP:timestamp} %{WORD:processId} %{LOGLEVEL:level} %{USERNAME:logger} %{USER:user} %{URI:requestUrl} %{USER:method} %{IPV4:clientIp} %{GREEDYDATA:message}"] }
    }
    else {
      grok { match => ["message", "%{DATESTAMP:timestamp} %{WORD:processId} %{LOGLEVEL:level} %{USERNAME:logger} %{USER:user} %{IPV4:clientIp} %{GREEDYDATA:message}"] }
    }
  }
}
How can I do this?
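
One way to get this result, shown as an added example that is not part of the original post: the grok filter's `overwrite` option replaces the existing `message` field with the value captured by `%{GREEDYDATA:message}` instead of keeping the full original line. The patterns and conditionals are the ones posted above; only the `overwrite` lines are new.

```logstash
filter {
  if [fields][log_type] == "gbase" {
    # Conditional kept as posted.
    if [level] in [ "Error", "Fatal" ] {
      grok {
        match => ["message", "%{DATESTAMP:timestamp} %{WORD:processId} %{LOGLEVEL:level} %{USERNAME:logger} %{USER:user} %{URI:requestUrl} %{USER:method} %{IPV4:clientIp} %{GREEDYDATA:message}"]
        # Replace the original line in [message] with the captured tail only.
        overwrite => ["message"]
      }
    }
    else {
      grok {
        match => ["message", "%{DATESTAMP:timestamp} %{WORD:processId} %{LOGLEVEL:level} %{USERNAME:logger} %{USER:user} %{IPV4:clientIp} %{GREEDYDATA:message}"]
        # Same replacement for the non-error pattern.
        overwrite => ["message"]
      }
    }
  }
}
```

With `overwrite` set, an event that matches keeps the parsed values in their own fields and only the trailing log text in `message`; an event that does not match is tagged `_grokparsefailure` and its `message` is left unchanged.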