Split text field - keep only the second part (noob)

Charalampos · May 12, 2018, 5:39am

Hello

My text field is in this form AAA_ΒΒΒ.

I used the split filter
split => [ "message" , "_" ]

and the result is
message AAA, BBB

and now I want to delete AAA from message.
any ideas?

thanks,

Charalampos · May 12, 2018, 3:25pm

found it a few minutes after my post here, I used dissect

admlko · May 12, 2018, 7:59pm

This should also do it:

    split => [ "message" , "_" ]
    mutate {
      replace => { “message” => “%{[message][1]}”
    }

system · June 9, 2018, 8:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting a data field into two Elasticsearch	6	8614	July 12, 2017
How to split a single line message, into parts Logstash	9	1008	July 15, 2022
Remove contents of field from another field Logstash	3	397	April 4, 2018
Logstash Split Plugin Logstash	14	2079	March 8, 2017
Split filter Logstash	4	225	July 11, 2018