Is there a way to parse the log message and search for a particular string and if that is present, then to ignore/remove that string from that message?
Every log message in the log file that I am trying to parse using Logstash is followed by a line (on a new line) in the format below: xxxxx (some string) : TraceLog message some_number
Such messages need to be ignored.
I am using the multiline codec to identify the log messages as the ones that start with |. If any message does not start with | it should get appended to previous message.
And hence the messages in the above format are getting appended to previous messages.
Is there a way that they can be removed?
- Need to search the log text for the format.
- If present, log text = log text minus that string.
To remove parts of a string, use a mutate filter and its gsub option. To completely ignore whole events, use a drop filter that you run conditionally via an if ... { ... } block.
The first mutate will remove the fixed string : TraceLog message and the next one will remove the number in the end.
Even if there was no substring 'TraceLog message' inside the logtext, it is removing any string in the end!
Can you please suggest how the regular expression can be defined for this entire line, which can be used in gsub?
Yeah, but I need to have the rest of the log_text.
I'm extracting the log_text using a multiline codec and I need all the lines except the last line (in the above format).
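An added example, not part of the original thread: one anchored pattern that removes the whole trailing line only when it carries the ": TraceLog message <number>" marker, so events without the marker keep their last line and any trailing number. It is written in Ruby because mutate's gsub takes a Ruby-style regular expression; the constant and function names and the sample events are constructed for illustration.

```ruby
# Added illustration: trailer format taken from the question, sample events constructed.

# One pattern for the entire trailing line:
#   \r?\n     the line break the multiline codec kept in front of the trailer
#   [^\n]*    the variable prefix, e.g. "xxxxx (some string) "
#   : TraceLog message \d+   the fixed marker followed by the number
#   \s*\z     optional trailing whitespace, then end of the event text
# Because the number is part of the same match as the marker, a trailing
# number on an ordinary line is never touched.
TRAILER = /\r?\n[^\n]*: TraceLog message \d+\s*\z/

# Returns the event text without the trailer line; text without a trailer
# is returned unchanged.
def strip_trailer(log_text)
  log_text.sub(TRAILER, "")
end

# Constructed event: two real lines followed by the trailer line.
WITH_TRAILER = "|2015-01-01 10:00:00|ERROR|Connection failed\n" \
               "  at retry 3\n" \
               "svc01 (worker) : TraceLog message 4711"

# Constructed event: no trailer, but the last line ends in a number.
WITHOUT_TRAILER = "|2015-01-01 10:00:01|INFO|Processed batch\n  total 42"

# Constructed event: the marker text appears mid-message, not as the last line.
MARKER_MID = "|2015-01-01 10:00:02|INFO|saw : TraceLog message 7 in payload\n  done"

# Constructed event: trailer preceded by a Windows line ending.
WITH_CRLF = "|2015-01-01 10:00:03|WARN|Slow query\r\nsvc02 (db) : TraceLog message 12\r\n"

if __FILE__ == $PROGRAM_NAME
  [WITH_TRAILER, WITHOUT_TRAILER, MARKER_MID, WITH_CRLF].each do |event|
    puts strip_trailer(event).inspect
  end
end
```
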