Hi,
I am trying to split message by new new line
mutate {
copy => { "message" => "message_val" }
}
mutate {
split => { "message_val" => "\n" }
add_field => { "fullQuery" => "%{message_val[4]}" }
}
the output is coming like
%{message_val[4]}
Is there anything i am missing here?
i solved this with multiple gsub replacements
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.