Split header param and convert the value to a number

anuradhamudalige · October 28, 2019, 8:38am

grok {
match => {
"message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel}%{SPACE}%{NOTSPACE:class}%{SPACE}(%{DATA:thread})%{SPACE}%{DATA:linenumber}%{DATA:txnid}%{NUMBER:eventID}%{DATA:eventName}%{DATA:componentid}%{IP:clientip}%{DATA:is_key_value}%{DATA:log_msg}$"
}
}

I have this filter, and here I have linenumber field as "LINE:234", I want to take only the value and make it a number and proceed. Hence the output would be just 234 as in Number type.

How can I achieve this?

Badger · October 28, 2019, 12:30pm

I would replace %{DATA:linenumber} with LINE:%{NUMBER:linenumber:int}

system · November 25, 2019, 12:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Change filed type from string to number Logstash	2	284	June 1, 2018
Logstash convert string field to number Logstash	6	6405	January 15, 2018
Logstash configurtaion for convert to Number Logstash	5	23	July 16, 2024
Howto convert this to a number? Logstash	3	461	January 25, 2019
Trying to Grok a field from String to Int Logstash	6	8918	April 13, 2017

Split header param and convert the value to a number

Related topics