Hello everyone! I have a grok pattern which some of its fields may include "null" values. How am I supposed to show null in kibana? or logstash output? I have defined the pattern as number for those fields.
input {
file {
type => "log"
path => "/home/rojin/Desktop/customer/customer.log"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
if "INFO" in [message] and "successfully" in [message] {
grok {
patterns_dir => ["path/to/patterns"]
match => { "message" => "pattern" }
remove_field => ["message","@timestamp"]
}
} else if "ERROR" in [message]{
...
}
mutate {
convert => {
"myfield" => "boolean"
...
}
}
}
output {
stdout { codec=> rubydebug }
}
I have a "message" field and I use match in grok filter in a conditional format (there are multiple patterns in my log file) to seperate my fields and then I use remove_field for "message". I have tested below solution but got no result. actually it does not parse my message and does not create fields. (_grokparsefailure):
if "PersonId" in [message] and ![PersonId] {
ruby {
code => 'event.set("person_ID",nil)'
}
}
Can someone please explain help me with this? Thanks in advance!