Hi
I have the following filter defined in the logstash.conf:
filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} (?<thread>\[.*\])? %{LOGLEVEL:level} %{DATA:classname} %{GREEDYDATA:message}" }
  }
}
And this works fine, it matches the log I have (Java app). Now, when I go to Kibana, all fields defined here (timestamp, thread, level, classname) are shown correctly. The problem is the message field. Basically, it shows the full line from the log, for example:
2018-08-30 12:34:58,591 [cluster-nio-worker-0] TRACE c.c.d.c.ClassName Some message here
I think this is because of the first part in match: "message" => ...
I also tried to change "message" to "msg" but then it doesn't work.
How can I have only the message (last part of the log)?