Hi team,
I have one roll number like 1071-P56790-345.
First number is 1071. Remaining fields in future can be added.
So I need to extract 1071 and P56790-345 into 2 seperate fields.
I tried using filter by delimeter '-'. But array is in the record. Below is the syntax:
mutate {
split => { "doc_number" => "-" }
}
Could someone please suggest how to solve it?
Thanks.
Hello @suresh_u
You can use grok filter to make it has two separate fields
filter
{
grok
{
match => {"message" => ["doc_number", "%{DATA:firstnumber}-%{GREEDYDATA:lastnumber}"]}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.