Hi
I have a log field in the pattern: PRODUCT_GLOBAL_20170706024756466_0000000004069390
My requirement is to extract 0000000004069390 from the field and store it in a new field named FieldX.
Can anyone please help me in guiding how can I extract sub string from the log.
I tried using split in mutate but it is not working.
split => { "parsedIDocList.id" => "" }
Thanks
Always post logs and configuration as preformatted text. I have adjusted your configuration snippet to reflect what I think your actual configuration is.
I tried using split in mutate but it is not working.
split => { "parsedIDocList.id" => "_" }
That's not the correct syntax for nested fields, see Accessing event data and fields | Logstash Reference [8.11] | Elastic.
You could also consider using a grok filter, although I'd expect it to be less performant that a split filter.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.