Hello,
I am trying to match a pattern ES document which is being ingested via Logstash.
Pattern is duration defined in hours like PT(Hours)H.
I am using following as part of the logstash conf but I don't see any fields being added to the document and don't see anything in the logs as well.
Can you please let me know what am I missing here?
grok{
match => [ "message", "PT%{NUMBER:DurationHours}H" ]
}
mutate{
add_field => { "NewDurationHrs" => "%{DurationHours}" }
}