Regarding Split filter in mutate

suresh_u · June 30, 2022, 7:25am

Hi team,
I have one roll number like 1071-P56790-345.

First number is 1071. Remaining fields in future can be added.
So I need to extract 1071 and P56790-345 into 2 seperate fields.

I tried using filter by delimeter '-'. But array is in the record. Below is the syntax:

mutate {
split => { "doc_number" => "-" }
}

Could someone please suggest how to solve it?

Thanks.

sudhagar_ramesh · June 30, 2022, 7:40am

You can use grok filter to make it has two separate fields

filter
{
grok
{
match => {"message" => ["doc_number", "%{DATA:firstnumber}-%{GREEDYDATA:lastnumber}"]}
}
}

suresh_u · June 30, 2022, 7:52am

thanks @sudhagar_ramesh let me try.

suresh_u · June 30, 2022, 8:29am

Thanks a lot @sudhagar_ramesh . It is working.

system · July 28, 2022, 8:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regarding Mutate Ruby filter Logstash	3	260	July 27, 2022
Problem with "split" and "add_field" in mutate filter Logstash	5	5459	December 19, 2019
Logstash. Mutate's split doesn't split string Logstash	2	352	August 27, 2021
Extract string from a field in logstash Logstash	8	4864	December 12, 2019
Create fields by splitting a log Logstash	8	1226	April 2, 2020