Problem using trailing delimiter in dissect

Badger · February 12, 2018, 10:04pm

When I dissect a message like this:

input { generator { message => ';abc|def;' count => 1 } }
filter { dissect { mapping => { "message" => ";%{a}|%{b};" } } }
output { stdout { codec => rubydebug } }

I get the trailing semi-colon included in b, which, for me, is counter-intuitive. I know I can mutate/gsub the trailing character away, but it feels wrong. Is there a way to modify the dissect string to get this to set "b" => "def"?

       "message" => ";abc|def;",
      "sequence" => 0,
             "a" => "abc",
             "b" => "def;"

Semyon · February 12, 2018, 11:03pm

Try adding silent/ skip field, at the end of message like so:
filter { dissect { mapping => { "message" => ";%{a}|%{b};%{}" } } }

system · March 12, 2018, 11:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why is my logstash skipping delimiter in dissect mapping? Logstash	2	313	August 27, 2018
Logstack dissect missing delimiter Logstash	3	378	May 9, 2018
Understanding dissect behaviour Logstash	8	843	September 30, 2019
Dissect with a backslash at the end of the log line Logstash	5	919	February 28, 2020
Help using logstash dissect filtering Logstash	3	325	June 18, 2019

Problem using trailing delimiter in dissect

Related topics