Unable concatenate multiple fields which is collected by metricbeat

Elastic Stack Beats
1

Hi,

I want to concatenate some fields in logstash using mutate and storing in message, but message filed is coming in logstash(after running in powershell , i am not able to see) this is my configuration-

else if [metricset] =~ /.+/  {  
					
grok {
match => [ "message1", "%{GREEDYDATA}"]
						    }
mutate {
remove_field => ["tags"]
										
				
					add_field => ["engine_id", "99004"]		
					replace => [ "type", "logs"]
					add_field => ["src_ip", "%{host}"]
			
					}
		if "filesystem" in [system] and "pct" > "0.104" {
		mutate {
		add_field => [ "m1", " More then 10% disk space consumed"]
		add_field => [ "engine_log_id" , "1"]
		add_field => ["message" , "%{system} %{mount_point} %{metricset} %{m1}"]
						}
						
					  }

				}

output in powershell

Capture

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.