Hello folks,
I have the following issue: I am using a grok filter with GREEDYDATA, which I want to remove (drop) from my result. This is what I used, but the result still gives me an empty curly brace {}, which I do not want to get in my result.
Logfile example:
abcdefg Final Hello
I want to get just Hello as the result, nothing else. See my filter:
grok {
  match => [ "message", "%{GREEDYDATA} Final %{WORD:word}" ]
}
mutate { remove_field => ["message", "tags", "host", "@timestamp", "@version"] }
As a result it should give me just
{"word" : "Hello"}
but it gives me the following:
{}
{"word" : "Hello"}
That is all of my output. I am using version logstash-6.3.1.
output {
  file {
    path => "C:\Users\samyo\Desktop\ELK\outputtest.log"
    codec => line
  }
}
I did not use rubydebug.
The empty {} was full of "message", "@version", "host" etc., which I deleted with the mutate filter.
After deleting those, it still prints an empty {} as a result. How can I remove it from the end result?
The empty {} represents an event from which you have removed all the fields. If you want to ignore lines that do not match the grok filter you could use