Text based log format, need help in parsing

Abhilash_B · May 22, 2019, 12:28pm

msg = event.get("message")
        matches = msg.scan(/^([A-Za-z]+):(.*)/)
        m = matches[0]
        @@data[m[0]] = m[1]

The above code seems to be working fine when I run it separately. Also I removed

else if [message] =~ /^[ 0-9]+/ {
mutate { strip => [ "message" ] }
grok { match => { "message" => '^[0-9]{1,}[.][ +](?<key>[^:]+):\s*%{GREEDYDATA:value}' } }
ruby {
    code => '
        @@data[key] = value
    '
}
drop{}

}
from the filter, still I get the same issue.

Topic		Replies	Views
Parsing composite log format only with text Logstash	2	254	June 19, 2019
Ruby code to split array message and get the index and value in logstash Logstash	3	5070	June 6, 2017
Split array fields in logstash Logstash	22	10656	June 7, 2017
How to dynamic parse log via grok regex? Logstash	7	4698	July 6, 2017
Ruby exception occurred: undefined method `split' for nil:NilClass Logstash	10	5645	July 24, 2019

Text based log format, need help in parsing

Related topics