Parsing process ID incorrectly

WorkFlow:

Beats (7.0) > Logstash > Elastic

Issue:

The process ID shown below in Elastic is not parsed correctly, we would like it to be without commas.

event.ParentProcessId : 1,739,524,678,541

Three different configs I have tested, in our logstash,

filter {
kv {
source => "metadata"
trim => """
include_keys => [ "ProcessId","ParentProcessId"]
target => "kv"
}

filter {

grok {

match => { "message" => %{DATA:ProcessId},%{DATA:ParentProcessId} }

}

}

filter {
if [event][ParentProcessId]
grok {
match => { "message" => %{DATA:ParentProcessId} }
}
if [event][ProcessId]
grok {
match => { "message" => %{DATA:ProcessId} }
}
}

Any ideas, what am I missing here?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.