I have generated logs in HPUX and shipped it to my elk server but logstash is reading those complete logs as one string. I want to split the GREEDYDATA field to generate specific fields. Is their any option in grok or any other way to do so? Is their anything like awk or substrings in grok?
Kindly refer the above screenshot. We want to separate the timestamp, hostname, message and the value fields.
message field will always contain the whole log that you have generated. you can extract info from that whole message to generate separate filed in the logstash.
Refer https://grokdebug.herokuapp.com/ for patterns generation.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
