Hi All,
I would like to grep the below numeric value before the keyword "DEBUG" from the message field and map it to a new field called OrderID. Kindly let us know the pattern we can apply in order to achieve this context.
message : 375 DEBUG
message : 428 DEBUG
message : 311 DEBUG
message : 580 DEBUG
Expected Output:
OrderID: 375
OrderID: 428
OrderID: 311
OrderID: 580
Regards,
Clyton
Hi
Isn't that a #elastic-stack:logstash question? Or are you using runtime fields?
Thx & Best,
Matthias
BTW: In Kibana you can use the grok debugger for that : Debug grok expressions | Kibana Guide [8.0] | Elastic
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.