Hi,
I am using Logstash to ingest data into Elasticsearch from a txt file.
I built a regex query to extract the msg-id field from the logs, but the msg-id field is not getting extracted even though the regex query is working fine.
Are any changes/suggestions required in the regex query for the msg-id field?
The original msg-id field value is "MSGID: " which is not getting mapped in output.
Regex testing link - https://regex101.com/r/R1ohvI/1
Original Filter-
filter {
  grok {
    break_on_match => false
    match => {
      "message" => [
        "(MSGID|Message Id)\s*:\s*(?<msgid>(?:(?!Mobile)[A-Z0-9a-z+-]){7,36})",
      ]
    }
  }
}
Output-
{
"host" => "dev",
"message" => "10/11/2021 5:49:43 PM,MSGID: <CSError>Mobile_Number: <>Job_no:<>User_id<> mstrGateWay <>\r"
}
After adding the "<>" sign in the msg-id field, I am able to get the msg-id field in the output, but I don't want output, instead I want this output "CSError"
Updated Filter-
"message" => [
"(MSGID|Message Id)\s*:\s*(?<msgid>(?:(?!Mobile)[A-Z0-9a-z+-<>]){7,36})",
Output-
"host" => "dev",
"message" => "10/11/2021 5:49:43 PM,MSGID: <CSError>Mobile_Number: <>Job_no:<>User_id<> mstrGateWay <>\r",
"MSGID" => "<CSError>"
Thank you in advance
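
An added example, not part of the original post: it runs the post's two patterns against its sample event in Ruby (chosen because its regex syntax is Oniguruma-style, like grok's) and adds a hypothetical third pattern, `STRIPPED`, which assumes the ID may be wrapped in angle brackets and matches them outside the named capture. The helper `msgid`, the constant names and the `PROBE` line are constructed for this example.

```ruby
# Sample event copied from the post.
LINE = "10/11/2021 5:49:43 PM,MSGID: <CSError>Mobile_Number: <>Job_no:<>User_id<> mstrGateWay <>\r"

# Original pattern from the post: the capture must begin right after "MSGID: ",
# but '<' is not in the character class, so nothing is extracted.
ORIGINAL = /(MSGID|Message Id)\s*:\s*(?<msgid>(?:(?!Mobile)[A-Z0-9a-z+-]){7,36})/

# Updated pattern from the post: '<' and '>' are now inside the class, so they
# become part of the captured value. Side effect: "+-<" is read as a RANGE
# (0x2B..0x3C), which also admits , . / : ; into the ID.
UPDATED = /(MSGID|Message Id)\s*:\s*(?<msgid>(?:(?!Mobile)[A-Z0-9a-z+-<>]){7,36})/

# Hypothetical variant (assumption, not from the post): consume optional angle
# brackets outside the named group and keep the original, stricter class.
STRIPPED = /(MSGID|Message Id)\s*:\s*<?(?<msgid>(?:(?!Mobile)[A-Z0-9a-z+-]){7,36})>?/

# Constructed line showing the unintended range in UPDATED.
PROBE = "MSGID: ab:cd;ef/gh"

# Returns the msgid capture, or nil when the pattern does not match.
def msgid(pattern, line)
  m = pattern.match(line)
  m && m[:msgid]
end

if __FILE__ == $PROGRAM_NAME
  { "ORIGINAL" => ORIGINAL, "UPDATED" => UPDATED, "STRIPPED" => STRIPPED }.each do |name, re|
    puts format("%-8s sample=%-12s probe=%s", name, msgid(re, LINE).inspect, msgid(re, PROBE).inspect)
  end
end
```

Note that the `{7,36}` quantifier is unchanged in all three patterns, so an ID shorter than 7 characters is still not extracted.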