I am trying to parse a message that will have multiple items that I am trying to capture into an array.
For example :
message: test message @word blah blah @word test ...
In this case, the number of captures can and will be different per message field.
I cannot seem to figure how to capture these specific words that start with an @ symbol.
I would do that in ruby
ruby { code => 'event.set("matches", event.get("message").scan(/@\w+/))' }Thanks.
But I will pass on Ruby.
Can you expand on your objection to using a ruby filter in logstash?
Is that a plugin that has to be installed? I am trying to stay with the native plugins.
It is installed by default.
Ah ok. I might it whirl then. Thank you sir.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.