hi,
I am trying to parse NAS logs,in that i have field "to" in to there are number of receiver address and my logs are streaming logs. so i cant predict how many receiver address will be there in that field
how to parse such kind of data
below are the value of my field
<a.com>,<b.com>...... so on
thanks
for this we need more detail of the log.
but if these are the values of one field. then you could use the gsub filter and replace the "<" and ">" and create an array then elasticsearch will save all values in one field.
and https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-replace
to add brackets at the beginning and at the end.
mutate { replace => { "field" => "[%{field}]" } }
You can use mutate+split to convert that to an array.
Thanks It works
mutate {
split => {"field_name" => "," }
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.