When I run
input { generator { count => 1 lines => [ 'Output: Export (1)
Export name: test123
Export file format: salesforce
Amount requested: 1
Last balance: 43087128
Current balance: 43087127
Searched fields and terms:
Identifiers: 04475444000129
' ] } }
filter {
grok {
match => {
"message" => "Output: %{DATA:output}\\nExport name: %{DATA:export_name}\\nExport file format: %{DATA:export_file_format}\\nAmount requested: %{DATA:amount_requested}\\n\\nLast balance: %{DATA:last_balance}\\nCurrent balance: %{DATA:current_balance}\\n\\nSearched fields and terms: %{DATA:search}\\n\\tIdentifiers: %{DATA:identifiers}\\n%{GREEDYDATA}"
}
}
}
output { stdout { codec => rubydebug { metadata => false } } }
It works fine for me...
"identifiers" => "04475444000129",
"export_file_format" => "salesforce",
"export_name" => "test123",
etc. I suggest you read this.