Use kv filter on newline & return split pattern

ParashB · September 23, 2020, 12:12pm

Hi, I am trying to use kv filter to parse the below logs

Name: abc\r\nAge: 39\r\nGender: Male\r\nSalary: 87

My kv filter is as below
kv {
source => "log"
field_split_pattern => "\\\r\\\n"
value_split => ":"
}

I have tried with different field_split_pattern as \r\n, \\r\\n & \\\r\\\n but nothing seems to split the key value pairs.

grumo35 · September 23, 2020, 12:34pm

Hi,

In your filter you could replace all those \\r\\n with spaces usin the gsub processor

gsub => ["log","\\\r\\\n"," "]

kv { 
source => "log"
value_split => ":"
}

ParashB · September 30, 2020, 5:39am

Thank you @grumo35. That worked perfectly.

system · October 28, 2020, 5:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.