Splitting the log into a csv file

PanPiotr · February 1, 2022, 9:45am

Hi,
I want to use logstash to separate the appropriate logs by a constant value appearing in these logs, and then divide the log into pieces after the separator ("|") and put it into a csv file with headers. The logs I'm looking for are recognized by the constant (WID2). I also noticed that the message pulled out by GREEDYDATA gets cut off after about 85 characters

Example log:
2022-01-02 10:32:30,0000001 | WID2 | 3313141414 | Request | STEP_1 | OK | Message

And i want from this logs create csv file with headers: TIMESTAMP, VALUE, MESSAGE_TYPE, STEP, STATUS, MESSAGE. I do not want to save a constant value (WID2) in the csv file, it only serves to find my logs among others.

I wrote it but it doesn't work:

input {
 file {
  path => ["path"]
  start_position => "beginning"
  sincedb_path => "path"
 }
}

filter {
 grok {
  match => {
   "message" => "%{GREEDYDATA:SYSLOGMESSAGE}"
    }
   }
 if ([SYSLOGMESSAGE] !~ "WID2"){
  drop {}
 }
 if([SYSLOGMESSAGE] =~ 'WID2") {
  csv {
   separator => "|"
   columns => ["TIMESTAMP", "VALUE", "MESSAGE_TYPE", "STEP", "STATUS", "MESSAGE"]
  }
 }
}

output{
 file {
  path => ["path.csv"]
 }
}

Badger · February 1, 2022, 6:08pm

What does that mean? What results do you get and what do you not like about those results?

system · March 1, 2022, 6:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using logstash how can i get the values that are in [ ] to .csv file? Logstash	1	484	February 14, 2017
Using Csv filter on a Split value Logstash	2	888	May 21, 2017
CSV output file row separator Logstash	1	325	May 21, 2020
Using 2 .csv inputs Logstash	4	284	August 8, 2019
Spliting log message Logstash	2	317	March 2, 2018

Splitting the log into a csv file

Related topics