Split line in multiple messages

bertvervaele · March 1, 2017, 3:36pm

I have all my logs on 1 line like this:
aE0020170216090418001004100058S3 0 26742 2711-------- 640-------------------------------------- **********************mQ0120170216090418001004100058S3 0Workp. 58124 10041 ThInit WPStartthxxhead1042 **********************pE0A20170216090420001003900057S3 SAPSYS 0001&aT16_U24432_M0&bWorkprocess crashed [Error/Core] 58A53F515D02272EE10000000ACCC810

With as separator 22 times *.
atm I'm trying to use

filter{
mutate{
split => { "message" => "**********************"}
}
}

But this just splits it in different fields.
Is there a way to split them in different messages?

magnusbaeck · March 21, 2017, 6:35am

Perhaps the split filter can help.

Christian_Dahlqvist · March 21, 2017, 8:52am

I suspect you will need to create a custom codec to handle this case.

system · April 18, 2017, 8:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to split a single line message, into parts Logstash	9	1009	July 15, 2022
Unable to split the data in message field Logstash	11	459	March 28, 2023
Logstash split one message into multiple Logstash	11	1608	January 17, 2023
Logstash split message by \n into multiple message inputs Logstash	2	1706	March 27, 2021
How to use split filter on the field using logstash Logstash	5	6148	March 27, 2019

Split line in multiple messages

Related topics