Hello everyone,
How could I cut a field in a sentence? I looked, there is a filter split module but I do not know how I can use it.
Example: path => h2dd_AMR_20180612-2357.log
what want:
fields_1: AMR
date: 20180612
hour: 23h57
Is it possible ?
If they always look like this then I would use dissect.
dissect { mapping => { "message" => "%{}_%{field1}_%{date}-%{hour}.%{}" } }
1 Like
Yes indeed, it will always be in this form. I will test and I will keep you informed. Thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.