**URGENT** - Need help to extract fields

Hi Techs and experts,

I need help to configure Logstash to extract the fields from a log file which has multiple lines like the following:

    <134>Agent_Local_Date="2019.01.11" Agent_Local_Time="1/11/2019 4:07:06 AM" Agent_UTC_Date="2019.01.11" Agent_UTC_Time="1/11/2019 3:07:06 AM" Application="firesvc.exe" Classification_Content_Pattern="" Classification_Frequency="" Classification_Policy="" Classification_Rule="" Classification_Type="" Computer_Name="france-ad\AFR648087" Computer_Type="0" Custom_Computer_Group="Groups\ATTR-Win7" Custom_Date_1="" Custom_Date_2="" Custom_Date_3="" Custom_Date_4="" Custom_Int_1="" Custom_Int_2="" Custom_Int_3="" Custom_Int_4="" Custom_String_1="" Custom_String_2="" Custom_String_3="" Custom_String_4="" Custom_String_5="" Custom_String_6="" Day_of_Week="6" Dll_Base="" Dll_Created_Local_Time="" Dll_Load_Local_Time="" Dll_Load_UTC_Time="1/11/2019 3:07:06 AM"

Each key is already named and I need to create fields with the same name using the value in quotes.
I also need to get the time values extracted as timestamps and not only as strings.
So I'll probably need multiple operations to be achieved by Logstash but I don't know how to do it.

Your expertise will be really appreciated :wink:

Thank you very much

    mutate { gsub => [ "message", "^<[0-9]+>", "" ] }
    kv { }

You can use a date filter to extract time values as timestamps. There are hundreds of examples in this forum.
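One way the pieces from this reply fit together with a date filter, as an added example that is not part of the original posts. The date pattern is inferred from the sample line in the question; using `Agent_UTC_Time` for `@timestamp` and the failure tag names are assumptions.

```logstash
filter {
  # Strip the syslog priority prefix (e.g. "<134>") so that only
  # key="value" pairs remain in the message.
  mutate { gsub => [ "message", "^<[0-9]+>", "" ] }

  # Default kv settings split pairs on whitespace and keys from values on "=".
  # Double-quoted values keep their embedded spaces, so
  # Agent_UTC_Time="1/11/2019 3:07:06 AM" becomes one field.
  kv { source => "message" }

  # Assumption: Agent_UTC_Time is the event time. It is labelled UTC in the
  # log, so the zone is set explicitly instead of relying on the host zone.
  # The result goes to @timestamp, the date filter's default target.
  date {
    match          => [ "Agent_UTC_Time", "M/d/yyyy h:mm:ss a" ]
    timezone       => "UTC"
    locale         => "en"
    tag_on_failure => [ "_dateparsefailure_agent_utc" ]
  }

  # Convert a second UTC time field in place. It is only parsed when the
  # field exists, because empty values such as Dll_Base="" may not produce
  # a field at all.
  if [Dll_Load_UTC_Time] {
    date {
      match          => [ "Dll_Load_UTC_Time", "M/d/yyyy h:mm:ss a" ]
      timezone       => "UTC"
      locale         => "en"
      target         => "Dll_Load_UTC_Time"
      tag_on_failure => [ "_dateparsefailure_dll_load_utc" ]
    }
  }

  # Agent_Local_Time carries no zone and the thread does not say which zone
  # the agent is in, so it is left as a string here. Parsing it with a
  # guessed zone would shift the timeline by the wrong offset.
}
```

Events carrying one of the failure tags kept the original string value, so a search on those tags shows which lines did not match the pattern.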

@Badger: thank you very much, that helped a lot. I managed to get the date filter working and it seems to be working fine!

thank you very much

Vincent
