Regarding Split filter in mutate

suresh_u · June 30, 2022, 7:25am

Hi team,
I have one roll number like 1071-P56790-345.

First number is 1071. Remaining fields in future can be added.
So I need to extract 1071 and P56790-345 into 2 seperate fields.

I tried using filter by delimeter '-'. But array is in the record. Below is the syntax:

mutate {
split => { "doc_number" => "-" }
}

Could someone please suggest how to solve it?

Thanks.

sudhagar_ramesh · June 30, 2022, 7:40am

You can use grok filter to make it has two separate fields

filter
{
grok
{
match => {"message" => ["doc_number", "%{DATA:firstnumber}-%{GREEDYDATA:lastnumber}"]}
}
}

suresh_u · June 30, 2022, 7:52am

thanks @sudhagar_ramesh let me try.

suresh_u · June 30, 2022, 8:29am

Thanks a lot @sudhagar_ramesh . It is working.

system · July 28, 2022, 8:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regarding Mutate Ruby filter Logstash	3	260	July 27, 2022
Problem with "split" and "add_field" in mutate filter Logstash	5	5472	December 19, 2019
Ambiguous in documentation which describe logstash filter plugin "mutate -> split" Logstash	2	327	February 26, 2019
Breaking down a field Logstash	4	366	January 7, 2019
Splitting a data field into two Elasticsearch	6	8617	July 12, 2017