Unable concatenate multiple fields which is collected by metricbeat

Nikhil_Jaiswal · September 16, 2017, 3:11am

Hi,

I want to concatenate some fields in logstash using mutate and storing in message, but message filed is coming in logstash(after running in powershell , i am not able to see) this is my configuration-

else if [metricset] =~ /.+/  {  
					
grok {
match => [ "message1", "%{GREEDYDATA}"]
						    }
mutate {
remove_field => ["tags"]
										
				
					add_field => ["engine_id", "99004"]		
					replace => [ "type", "logs"]
					add_field => ["src_ip", "%{host}"]
			
					}
		if "filesystem" in [system] and "pct" > "0.104" {
		mutate {
		add_field => [ "m1", " More then 10% disk space consumed"]
		add_field => [ "engine_log_id" , "1"]
		add_field => ["message" , "%{system} %{mount_point} %{metricset} %{m1}"]
						}
						
					  }

				}

output in powershell

Capture

system · October 14, 2017, 3:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash concatenate two field values from metricbeat Logstash	4	877	April 15, 2022
I have to concatenate below two fields Logstash	3	7224	May 17, 2019
Concatenate two fields Logstash	2	620	August 16, 2020
Add_field doesn't work Logstash	13	1368	October 24, 2018
Mutate beats field isnt working in logstash5.0.2 Logstash	3	755	June 27, 2017

Unable concatenate multiple fields which is collected by metricbeat

Related topics