```
2018-02-07T10:42:02,831 [ ExtractDwhData] [INFO ] Solife :: Tools :: DWH :: ITK DWH - version : 2.6.0-SNAPSHOT - build #265 on 2018-01-04 08:22:32
2018-02-07T10:42:02,832 [ ExtractDwhData] [INFO ] Starting DWH Data Extraction with run timestamp : 2018-02-07 10:42:02
2018-02-07T12:24:45,167 [ ExtractDwhData] [INFO ] Solife DWH data EXTRACTION finished in 1 hours, 42 minutes, 42.368 seconds
```
Hello everyone,
For those three lines I use this config file:
```
input {
  file {
    type => "test1"
    path => ["C:/Users/THINKPAD/Downloads/logstash-6.2.2/essai/."]
  }
}
filter {
  if [type] == "test1" {
    grok {
      match => ["message", "%{TIMESTAMP_ISO8601:timestamp}%{GREEDYDATA:message1}\s+Extraction\sbatch\sID\s:\s%{NUMBER:ID_extraction_globale}",
                "message", "%{TIMESTAMP_ISO8601:start_time_extraction_globale}%{GREEDYDATA:message2}\sStarting\sDWH\sData\sExtraction%{GREEDYDATA:message3}",
                "message", "%{TIMESTAMP_ISO8601:END_TIME}%{GREEDYDATA:message4}\sSolife\sDWH\sdata\sEXTRACTION\sfinished\sin%{GREEDYDATA:temps_totales}"]
    }
    mutate {
      remove_field => ["message1", "message2", "message3", "message4"]
    }
    if "_grokparsefailure" in [tags] {
      drop {}
    }
  }
}
output {
  if [type] == "test1" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "globalextraction"
    }
    stdout {
      codec => rubydebug
    }
  }
}
```
I want to get the result of those 3 patterns in Elasticsearch in one line which has the information,
but the problem is I get each pattern in a single line, and in the Elasticsearch table I have 3 lines.
Can someone help me add a command to regroup the result of parsing into one line?
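
One way to get a single document per extraction run, as an added example that is not part of the original post: the aggregate filter plugin collects the fields parsed from the earlier lines in a shared map and writes them into the final "EXTRACTION finished" event. It assumes the bracketed job name (`ExtractDwhData`) identifies the run, that the batch ID line carries the same prefix as the three lines shown, and that Logstash runs with a single pipeline worker (`-w 1`) so lines are processed in order; the field name `job` is hypothetical.

```logstash
# Added example: replaces the filter { } section; input and output stay unchanged.
# "job" is a hypothetical field name used only as the correlation key.
filter {
  if [type] == "test1" {
    grok {
      # Each pattern also captures the bracketed job name, e.g. "[ ExtractDwhData]".
      # Unnamed %{GREEDYDATA} is not stored, so no mutate/remove_field is needed.
      match => { "message" => [
        "%{TIMESTAMP_ISO8601:timestamp}\s+\[\s*%{WORD:job}\]%{GREEDYDATA}\s+Extraction\sbatch\sID\s:\s%{NUMBER:ID_extraction_globale}",
        "%{TIMESTAMP_ISO8601:start_time_extraction_globale}\s+\[\s*%{WORD:job}\]%{GREEDYDATA}\sStarting\sDWH\sData\sExtraction%{GREEDYDATA}",
        "%{TIMESTAMP_ISO8601:END_TIME}\s+\[\s*%{WORD:job}\]%{GREEDYDATA}\sSolife\sDWH\sdata\sEXTRACTION\sfinished\sin\s%{GREEDYDATA:temps_totales}"
      ] }
    }
    if "_grokparsefailure" in [tags] {
      drop {}
    }

    if [END_TIME] {
      # Final line of the run: copy everything collected so far into this
      # event and close the task, so only this event reaches Elasticsearch.
      aggregate {
        task_id => "%{job}"
        code => "map.each { |k, v| event.set(k, v) }"
        map_action => "update"
        end_of_task => true
      }
    } else {
      # Earlier lines: remember their parsed fields, then discard the event.
      aggregate {
        task_id => "%{job}"
        code => "
          ['timestamp', 'ID_extraction_globale', 'start_time_extraction_globale'].each do |f|
            map[f] = event.get(f) unless event.get(f).nil?
          end
        "
      }
      drop {}
    }
  }
}
```

If the "finished" line never arrives, nothing is emitted for that run; the collected map simply stays in memory until the plugin's timeout discards it.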