Problem using trailing delimiter in dissect

Badger · February 12, 2018, 10:04pm

When I dissect a message like this:

input { generator { message => ';abc|def;' count => 1 } }
filter { dissect { mapping => { "message" => ";%{a}|%{b};" } } }
output { stdout { codec => rubydebug } }

I get the trailing semi-colon included in b, which, for me, is counter-intuitive. I know I can mutate/gsub the trailing character away, but it feels wrong. Is there a way to modify the dissect string to get this to set "b" => "def"?

       "message" => ";abc|def;",
      "sequence" => 0,
             "a" => "abc",
             "b" => "def;"

Semyon · February 12, 2018, 11:03pm

Try adding silent/ skip field, at the end of message like so:
filter { dissect { mapping => { "message" => ";%{a}|%{b};%{}" } } }

system · March 12, 2018, 11:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Understanding dissect behaviour Logstash	8	992	September 30, 2019
Repeated delimiters with dissect , how to handle? Logstash	5	2700	July 27, 2017
Why is my logstash skipping delimiter in dissect mapping? Logstash	2	342	August 27, 2018
How to give \n as delimiter for dissect filter Logstash	1	549	January 16, 2018
Dissect filter is not dissecting properly Logstash	2	2332	February 1, 2018

Problem using trailing delimiter in dissect

Related topics