Split filter

ahmed_charafouddine · June 13, 2018, 12:42pm

Hello everyone,

How could I cut a field in a sentence? I looked, there is a filter split module but I do not know how I can use it.

Example: path => h2dd_AMR_20180612-2357.log

what want:
fields_1: AMR
date: 20180612
hour: 23h57

Is it possible ?

Badger · June 13, 2018, 12:54pm

If they always look like this then I would use dissect.

dissect { mapping => { "message" => "%{}_%{field1}_%{date}-%{hour}.%{}" } }

ahmed_charafouddine · June 13, 2018, 1:00pm

Yes indeed, it will always be in this form. I will test and I will keep you informed. Thank you

ahmed_charafouddine · June 13, 2018, 1:26pm

Thanks @Badger, ça marche (it works)

system · July 11, 2018, 1:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use split filter on the field using logstash Logstash	5	6144	March 27, 2019
Split text field - keep only the second part (noob) Logstash	3	335	June 9, 2018
Split Logfiles Logstash	4	215	July 26, 2018
How to split a single line message, into parts Logstash	9	1008	July 15, 2022
Logstash Filter \|\| Json Message to Split Fields Logstash	3	2121	October 14, 2019