Regroup fields logstash

Mouloud_CHIKHOUNE · June 25, 2019, 12:40pm

Hi, I have a log file structured like this :
    2019-06-20T05:39:27,568 | INFO | INPUT| UID1
    2019-06-20T05:39:28,874 | INFO | INPUT| UID2
    2019-06-20T05:39:28,879 | INFO | OUTPUT | UID1
    2019-06-20T05:39:28,880 | INFO | OUTPUT | UID2

I want to retrieve in just one event all the fields which have the same UID and display them in kibana discover like this:

@timestamp	Jun 25, 2019 @ 14:26:33.245
       	valUID: UID1
        valIN: INPUT
        valOUT: OUTPUT
        valinfo: INFO

@timestamp	Jun 25, 2019 @ 14:26:33.246
       	valUID: UID2
        valIN: INPUT
        valOUT: OUTPUT
        valinfo: INFO
. I am using filebeat and logstash 7.0.1. Thank you.

Badger · June 25, 2019, 2:28pm

Use an aggregate filter. There are examples in the documentation.

system · July 23, 2019, 2:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.