Use kv filter on newline & return split pattern

ParashB · September 23, 2020, 12:12pm

Hi, I am trying to use kv filter to parse the below logs

Name: abc\r\nAge: 39\r\nGender: Male\r\nSalary: 87

My kv filter is as below
kv {
source => "log"
field_split_pattern => "\\\r\\\n"
value_split => ":"
}

I have tried with different field_split_pattern as \r\n, \\r\\n & \\\r\\\n but nothing seems to split the key value pairs.

grumo35 · September 23, 2020, 12:34pm

Hi,

In your filter you could replace all those \\r\\n with spaces usin the gsub processor

gsub => ["log","\\\r\\\n"," "]

kv { 
source => "log"
value_split => ":"
}

ParashB · September 30, 2020, 5:39am

Thank you @grumo35. That worked perfectly.

Topic		Replies	Views
Logstash km filter issue Logstash	2	356	October 30, 2018
KV plugin filter not working Logstash	5	924	June 27, 2018
Extract a specific part of a kv filter Logstash	1	531	October 8, 2018
KV filter don't split on field_split_pattern once Logstash	5	1013	February 21, 2019
KV filter problem with value_split Logstash	2	350	June 25, 2018