Remove text on field

sysdradmin · July 23, 2018, 2:03pm

hello,
I have a csv file like this

2018-07-17 06:01:18 ID:784514|FD: ....
As you can see it's missing a "|" between date/time and ID so first field is saw like a text

I want that first field is a date/time and other field like 'id'

How i can they to logstast to put first field in date/time and ID like a other field ?

rgds

Badger · July 23, 2018, 2:35pm

Insert the |, then use a csv filter

mutate { gsub => [ "message", "^([^ ]+ [^ ]+) ", "\1|" ] }

sysdradmin · July 23, 2018, 2:40pm

ths for reply :

i have done this :

mutate {

split => { "message" => "ID:" }
add_field => {
"TimeStamp" => "%{[message][0]}"
"ID" => "%{[message][1]}"

}

and seems working

sysdradmin · July 23, 2018, 2:48pm

but i don't have _source with all fields

ideas ?

sysdradmin · July 23, 2018, 3:31pm

thanks !

it's better

Topic		Replies	Views
Logstash CSV Timestamp extract Logstash	6	894	January 17, 2022
Remove_field in csv filter section Logstash	7	3451	January 18, 2018
Config field as date Logstash	3	812	May 13, 2020
Get substrings from the log Logstash	5	926	July 6, 2017
Date Filtering from a Text File Logstash	4	491	July 6, 2017