Split line in multiple messages

bertvervaele · March 1, 2017, 3:36pm

I have all my logs on 1 line like this:
aE0020170216090418001004100058S3 0 26742 2711-------- 640-------------------------------------- **********************mQ0120170216090418001004100058S3 0Workp. 58124 10041 ThInit WPStartthxxhead1042 **********************pE0A20170216090420001003900057S3 SAPSYS 0001&aT16_U24432_M0&bWorkprocess crashed [Error/Core] 58A53F515D02272EE10000000ACCC810

With as separator 22 times *.
atm I'm trying to use

filter{
mutate{
split => { "message" => "**********************"}
}
}

But this just splits it in different fields.
Is there a way to split them in different messages?

magnusbaeck · March 21, 2017, 6:35am

Perhaps the split filter can help.

Christian_Dahlqvist · March 21, 2017, 8:52am

I suspect you will need to create a custom codec to handle this case.

system · April 18, 2017, 8:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.