Mapping a Data in a log to another Field

Wilks · April 15, 2021, 2:22pm

Hey Everyone,
How do you map a field from the logs to another field. So for example if I have the following log
message":"03-MAR-21 00:30:46|142.122.217.10 |1| I want to parse out |1| but also then map it to an index that says Authentication failed. So for example:
|1| would be Auth failed
|2| would be auth passed.
|3| would be logout

We have the numbers in the logs but I want to have it show up as a more user friendly field. So we don't have to lookup what |1| means, we would know that it means Auth Failed
What's the best way to do this?

Badger · April 15, 2021, 2:54pm

Use a translate filter.

system · May 13, 2021, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Goes through data in a field to parse Logstash	3	239	June 6, 2021
Problem overwriting field using json filter plugin Logstash	4	753	April 5, 2022
Logtash copy one field to another in a different log Logstash	1	206	March 1, 2023
Help on mapping for "catch-all" fields Elasticsearch	3	1498	July 5, 2017
Parse failure (object mapping for [trace.detail] tried to parse field [null] as object, but found a concrete value) Logstash	2	291	July 19, 2023

Mapping a Data in a log to another Field

Related Topics