I want to filter qt2612532-162 using grok
I want the output as
instance_name : qt2612532
thread_id : 162
Help is appreciated!
Pooja, something like this should work for you. Replacing the 'message' piece with the name of the field that contains that value.
grok {
match => [ "[message]", "%{NOTSPACE:instance_name}\-%{NOTSPACE:thread_id}" ]
}
There is some useful documentation on grok patterns over at StreamSets.
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.