Remove opening and closing parenthesis using gsub

Rios · October 20, 2022, 1:23pm

Something is not OK. This conf is working fine. Can you test the same?

input {
  generator {
       "message" => "Syslog message: (unknown): Oct 20 12:55:51 (iamservera) **.**.*.**->/var/log/evtmgr_statuslog charon stat : ONLINE\n"
       count => 1
  }
 
} # input

filter {

 	mutate{ gsub => ["message", "[()]", ""] }
   
}

output {

    stdout {
        codec => rubydebug{ metadata => true}
    }

}

Result:

{
         "event" => {
        "original" => "Syslog message: (unknown): Oct 20 12:55:51 (iamservera) **.**.*.**->/var/log/evtmgr_statuslog charon stat : ONLINE\\n"
    },
       "message" => "Syslog message: unknown: Oct 20 12:55:51 iamservera **.**.*.**->/var/log/evtmgr_statuslog charon stat : ONLINE\\n"
}

Topic		Replies	Views
Logstash gsub filter with special characters not working Logstash	3	1334	June 5, 2018
How to eliminate square brackets in the parsed logs Logstash	2	571	October 12, 2020
Remove symbol from logstash Logstash	2	261	September 23, 2022
Gsub remove square bracket Logstash	3	3396	May 2, 2020
Small help with gsub Logstash	4	712	July 6, 2017

Remove opening and closing parenthesis using gsub

Related topics