Replace in Logstash

Gabriela_Zielinska · March 28, 2019, 12:27pm

Hi
I'm trying to replace some strings in field message in with Logstash

My logstash configuration:
input {
beats {
port => 5044
}
}
filter {
mutate {
gsub => ["message", "s", "X"]
}
}

output {
  elasticsearch {
    host => "localhost"
    port => "9200"
    protocol => "http"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

in this example i tried to replace s with X, but it didn't work. Could you tell my why and how i should do it?

my filebeat input:
- type: log
enabled: true
paths:
- /var/log/out/*.log
multiline.pattern: '^['
multiline.negate: true
multiline.match: after

- type: log
  enabled: true
  paths:
    - /var/log/err/*.log
  multiline.pattern: 'R [a-zA-Z]'
  multiline.negate: true
  multiline.match: after

filebeat output:
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]

kharvey · April 1, 2019, 5:13pm

That looks correct to me.

Do you have an example log that you are trying this on?

This is the gsub that I use on one of my log sets:

filter {
  mutate {
    gsub => ['message', '\r', '']
    strip => ['message']
  }
}

system · April 29, 2019, 5:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How i can match and replace the log file data in logstash Logstash	12	373	April 26, 2019
Find and replace string in message field Beats filebeat	2	2707	November 26, 2020
Replacing @timestamp with timestamp of my log Logstash	18	12644	January 5, 2017
Fields added when input is file, but not when input is filebeats Logstash	3	351	August 7, 2019
Logstash to handle multiline input from Filebeat Logstash	5	1114	December 23, 2021

Replace in Logstash

Related Topics