Splitting the log into a csv file

PanPiotr · February 1, 2022, 9:45am

Hi,
I want to use logstash to separate the appropriate logs by a constant value appearing in these logs, and then divide the log into pieces after the separator ("|") and put it into a csv file with headers. The logs I'm looking for are recognized by the constant (WID2). I also noticed that the message pulled out by GREEDYDATA gets cut off after about 85 characters

Example log:
2022-01-02 10:32:30,0000001 | WID2 | 3313141414 | Request | STEP_1 | OK | Message

And i want from this logs create csv file with headers: TIMESTAMP, VALUE, MESSAGE_TYPE, STEP, STATUS, MESSAGE. I do not want to save a constant value (WID2) in the csv file, it only serves to find my logs among others.

I wrote it but it doesn't work:

input {
 file {
  path => ["path"]
  start_position => "beginning"
  sincedb_path => "path"
 }
}

filter {
 grok {
  match => {
   "message" => "%{GREEDYDATA:SYSLOGMESSAGE}"
    }
   }
 if ([SYSLOGMESSAGE] !~ "WID2"){
  drop {}
 }
 if([SYSLOGMESSAGE] =~ 'WID2") {
  csv {
   separator => "|"
   columns => ["TIMESTAMP", "VALUE", "MESSAGE_TYPE", "STEP", "STATUS", "MESSAGE"]
  }
 }
}

output{
 file {
  path => ["path.csv"]
 }
}

Badger · February 1, 2022, 6:08pm

What does that mean? What results do you get and what do you not like about those results?

Topic		Replies	Views
Add (;) sépartor in csv file before analysing it Logstash	5	452	February 8, 2017
Using logstash how can i get the values that are in [ ] to .csv file? Logstash	1	504	February 14, 2017
Simple string and Time stamp parse also redirect to CSV file Logstash	1	370	August 17, 2017
Sending logs to .csv file using logstash? Logstash	9	2463	February 14, 2017
How can i parse the data with comma seperated in logstash Logstash	5	863	November 22, 2018

Splitting the log into a csv file

Related topics