Hi,
I'm trying to parse some syslog-ng events using grok and the kv filter.
I have this kind of log:
AMOUNT=-4,700.00\tEXCH.RATE=\tCCY=ETB\t
I use the KV filter like this:
kv {
  field_split => "\t"
  source => "syslogMessage"
}
When splitting with the KV, I get EXCH.RATE with the value "CCY=ETB". But I want to have EXCH.RATE with a null value instead. What am I doing wrong?