Unable concatenate multiple fields which is collected by metricbeat

Nikhil_Jaiswal · September 16, 2017, 3:11am

Hi,

I want to concatenate some fields in logstash using mutate and storing in message, but message filed is coming in logstash(after running in powershell , i am not able to see) this is my configuration-

else if [metricset] =~ /.+/  {  
					
grok {
match => [ "message1", "%{GREEDYDATA}"]
						    }
mutate {
remove_field => ["tags"]
										
				
					add_field => ["engine_id", "99004"]		
					replace => [ "type", "logs"]
					add_field => ["src_ip", "%{host}"]
			
					}
		if "filesystem" in [system] and "pct" > "0.104" {
		mutate {
		add_field => [ "m1", " More then 10% disk space consumed"]
		add_field => [ "engine_log_id" , "1"]
		add_field => ["message" , "%{system} %{mount_point} %{metricset} %{m1}"]
						}
						
					  }

				}

output in powershell

Capture

system · October 14, 2017, 3:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding metricbeat custom fields through a logstash instance not working for me Beats metricbeat	3	397	March 11, 2019
Logstash concatenate two field values from metricbeat Logstash	4	916	April 15, 2022
How to perform concatenation of values from the same field in multiple lines? Logstash	1	1359	July 6, 2017
Add_field doesn't work Logstash	13	1447	October 24, 2018
Merge Several json parsed fields to 1 field Logstash	5	3091	July 6, 2017

Unable concatenate multiple fields which is collected by metricbeat

Related topics