Discuss the Elastic Stack

Parse KV:s beginning with a <XXX>key=value

Elastic Stack Logstash

Elitlogik November 30, 2020, 11:54am 1

Is there a way to easily remove the leading in a key-value sequence?

<XXX>key1=value1 key2=value2 key3=value3

Filter looks like this now:

filter { kv {} }

Thank you for your support!

Badger November 30, 2020, 3:45pm 2

You can do it with mutate

mutate { gsub => [ "message", "^<\d+>", "" ] }

Elitlogik November 30, 2020, 10:14pm 3

Thank you very much for the solution! You also learned me how the filter is working.

Topic		Replies	Views	Activity
Remove the beginning of message then apply kv filter Logstash	7	409	November 26, 2019
KV trim_key or remove_char_key Logstash	2	1265	November 15, 2017
Removing leading character and trailing 2 characters Logstash	15	5973	February 12, 2020
Remove a key that starts with 0 to 9 Logstash	1	269	June 2, 2021
How to trim zero or more leading and trailing spaces from key-value pairs? Logstash	8	7702	March 1, 2018

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.