Using ELK, I'm unsure how to use the right filter in the Logstash config file for pairs


(Fender1717) #1

I have a dollarVars term filled with things in this format...

Message 1:
Header1|Value1|Header2|Value2|Header3|Value3|

Message 2:
Header2|Value2|Header4|Value4|Header5|Value5|

Message 3:
Header3|Value3|Header4|Value4|Header5|Value5|

Etc.

My current filter looks like:

filter {
  dissect {
    mapping => {
      "message" => "%{dateTime},%{id},%{stuff1},%{stuff2},%{stuff3},%{stuff4},%{stuff5},%{dollarVars}"
    }
  }

  mutate {
    convert => {
      "stuff1" => "integer"
      "stuff2" => "integer"
    }
  }

  date {
    match => ["dateTime", "yyyy/MM/dd HH:mm:ss"]
  }
}

What can I do to take my dissected dollarVars and break it up into the header with its respective value (the one to the right of each header)?

I suspect this would use the csv filter somehow using "|" instead of "," and somehow telling it each dollarVar odd column is a header and each even column goes with its respective (n-1) odd column.
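
One way to pair each header with the value to its right, shown as an added example in plain Ruby that is not part of the original thread. The helper name parse_pairs and the sample strings are assumptions made for illustration; the samples are constructed in the shape shown in the post.

```ruby
# Added example: split "Header|Value|Header|Value|" into header => value pairs.
# parse_pairs is a hypothetical helper name, not part of Logstash.
def parse_pairs(raw)
  result = { fields: {}, problems: [] }
  return result if raw.nil? || raw.strip.empty?

  # A limit of -1 keeps trailing empty strings, so empty values survive;
  # the single terminating "|" then yields one final "" that is dropped.
  tokens = raw.strip.split("|", -1)
  tokens.pop if tokens.last == ""

  # An odd token count means the last header has no value (truncated line).
  if tokens.length.odd?
    result[:problems] << "dangling header without value: #{tokens.last.inspect}"
    tokens.pop
  end

  tokens.each_slice(2) do |header, value|
    header = header.strip
    if header.empty?
      result[:problems] << "empty header for value #{value.inspect}"
    elsif result[:fields].key?(header)
      # Keep the first occurrence; record the repeat instead of overwriting.
      result[:problems] << "duplicate header #{header.inspect}"
    else
      result[:fields][header] = value
    end
  end
  result
end

# Constructed sample messages in the shape shown in the post.
SAMPLES = [
  "Header1|Value1|Header2|Value2|Header3|Value3|",
  "Header2|Value2|Header4||Header5|Value5|", # empty value for Header4
  "Header3|Value3|Header4|"                  # truncated: header without value
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| p parse_pairs(s) }
end
```

Inside a Logstash ruby filter the same logic would read the string with event.get("dollarVars") and write each pair back with event.set. Writing the pairs under a nested key keeps headers taken from log data from overwriting fields such as @timestamp.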


(Walker) #2

Can you give us an example snippet of what's being ingested? I'm not 100% following the examples you made.

