Use kv filter on newline & return split pattern

ParashB · September 23, 2020, 12:12pm

Hi, I am trying to use kv filter to parse the below logs

Name: abc\r\nAge: 39\r\nGender: Male\r\nSalary: 87

My kv filter is as below
kv {
source => "log"
field_split_pattern => "\\\r\\\n"
value_split => ":"
}

I have tried with different field_split_pattern as \r\n, \\r\\n & \\\r\\\n but nothing seems to split the key value pairs.

grumo35 · September 23, 2020, 12:34pm

Hi,

In your filter you could replace all those \\r\\n with spaces usin the gsub processor

gsub => ["log","\\\r\\\n"," "]

kv { 
source => "log"
value_split => ":"
}

ParashB · September 30, 2020, 5:39am

Thank you @grumo35. That worked perfectly.

system · October 28, 2020, 5:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
KV Filter Pattern Usage Logstash	1	577	April 23, 2018
KV Filter usage Logstash	2	315	June 9, 2018
KV filter problem with value_split Logstash	2	313	June 25, 2018
Kv filter's behavior when square brackets in log data Logstash	2	1180	August 18, 2017
KV Plugin Not working Logstash	9	674	August 27, 2019