Problem using trailing delimiter in dissect

Badger · February 12, 2018, 10:04pm

When I dissect a message like this:

input { generator { message => ';abc|def;' count => 1 } }
filter { dissect { mapping => { "message" => ";%{a}|%{b};" } } }
output { stdout { codec => rubydebug } }

I get the trailing semi-colon included in b, which, for me, is counter-intuitive. I know I can mutate/gsub the trailing character away, but it feels wrong. Is there a way to modify the dissect string to get this to set "b" => "def"?

       "message" => ";abc|def;",
      "sequence" => 0,
             "a" => "abc",
             "b" => "def;"

Semyon · February 12, 2018, 11:03pm

Try adding silent/ skip field, at the end of message like so:
filter { dissect { mapping => { "message" => ";%{a}|%{b};%{}" } } }

system · March 12, 2018, 11:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.