I have CSV files with multiple lines as follows:
"Archive","Major Interval","DEV1","f328c29c-c695-11e5-addb-cc355a180000","EG1","5d56048e-5201-0000-0080-b2bb5fd9a209","TestHeartBeatFlow","3e452a8e-5201-0000-0080-a896a7ab9b4c","","","","","2017-02-17","02:46:1.054058","2017-02-17 08:46:1.05405","2017-02-17","03:46:2.572417","2017-02-17 09:46:2.57241","6637497","767","11845","333","4576041","529","2566","302","1133995","3594619278","8646","7774713","899","976","762","1","8646","0","0","0","0","0","0","Anonymous"
I am using the csv filter and mutate to get the following output:
"input_messages":"8646","eg_name":"EG1","broker_name":"DEV1","@timestamp":"2017-02-17T09:46:02.534Z","flowname":"TestHeartBeatFlow","cputime":"4576041"
I was just curious how I can get the same result with grok, if at all that is possible.
I tried using:
filter {
  grok {
    match => { "message" => "%{WORD:type} %{WORD:interval} %{WORD:broker} %{....
But I stopped completing it since there are so many unwanted fields. Is there an easier way of doing this with grok?
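Added example (not from the original post or from Logstash itself): the usual way to grok a wide CSV line without hand-writing forty captures is to generate the pattern, give a named capture only to the columns you keep, and collapse every run of unwanted quoted columns into a counted repeat such as `"[^"]*"(?:,"[^"]*"){14}`. The script below builds that pattern, renders it as a grok filter block, and parses the sample record from the question with both the generated regex and Python's csv module so the two can be compared. The column positions (42 quoted columns, cputime at index 22, input_messages at index 28) are assumptions made by counting the sample row, not a documented schema; the field names are the ones the csv/mutate setup in the question produces.

```python
import csv
import io
import re

# Constructed sample input: the CSV record quoted in the question.
SAMPLE_LINE = (
    '"Archive","Major Interval","DEV1","f328c29c-c695-11e5-addb-cc355a180000",'
    '"EG1","5d56048e-5201-0000-0080-b2bb5fd9a209","TestHeartBeatFlow",'
    '"3e452a8e-5201-0000-0080-a896a7ab9b4c","","","","","2017-02-17",'
    '"02:46:1.054058","2017-02-17 08:46:1.05405","2017-02-17","03:46:2.572417",'
    '"2017-02-17 09:46:2.57241","6637497","767","11845","333","4576041","529",'
    '"2566","302","1133995","3594619278","8646","7774713","899","976","762","1",'
    '"8646","0","0","0","0","0","0","Anonymous"'
)

# Assumed column layout: 42 quoted columns, 0-based positions counted from the
# sample row above. The positions are an assumption, not a documented schema.
TOTAL_COLUMNS = 42
WANTED = {
    0: "type",
    1: "interval",
    2: "broker_name",
    4: "eg_name",
    6: "flowname",
    22: "cputime",
    28: "input_messages",
}

QUOTED = '"[^"]*"'  # one quoted column containing no quote characters


def build_pattern(wanted, total, grok=True):
    """Build a whole-line regex that captures only the wanted columns and
    collapses each run of unwanted columns into a counted repeat.
    grok=True emits Oniguruma (?<name>...) captures, which grok accepts;
    grok=False emits Python's (?P<name>...) form so the same pattern can be
    exercised here."""
    capture = '(?<%s>[^"]*)' if grok else '(?P<%s>[^"]*)'
    parts = []
    i = 0
    while i < total:
        if i in wanted:
            parts.append('"' + capture % wanted[i] + '"')
            i += 1
            continue
        run_end = i
        while run_end < total and run_end not in wanted:
            run_end += 1
        skipped = run_end - i
        if skipped == 1:
            parts.append(QUOTED)
        else:
            parts.append(QUOTED + "(?:,%s){%d}" % (QUOTED, skipped - 1))
        i = run_end
    return "^" + ",".join(parts) + "$"


def logstash_grok_filter(wanted=WANTED, total=TOTAL_COLUMNS):
    """Render the grok filter block. The pattern goes in a single-quoted
    Logstash string so the double quotes inside it need no escaping."""
    pattern = build_pattern(wanted, total, grok=True)
    return "filter {\n  grok {\n    match => { \"message\" => '%s' }\n  }\n}" % pattern


def parse_with_regex(line, wanted=WANTED, total=TOTAL_COLUMNS):
    """What grok would extract from the line: the named captures only,
    or None when the line does not have the expected column count."""
    m = re.fullmatch(build_pattern(wanted, total, grok=False), line)
    return m.groupdict() if m else None


def parse_with_csv(line, wanted=WANTED):
    """The same columns via a real CSV parser. Unlike the [^"]* regex this
    also handles doubled quotes ("") inside a field, which is why the csv
    filter stays the safer choice for data you do not fully control."""
    columns = next(csv.reader(io.StringIO(line)))
    return {name: columns[idx] for idx, name in wanted.items()}


if __name__ == "__main__":
    print(logstash_grok_filter())
    print(parse_with_regex(SAMPLE_LINE))
    assert parse_with_regex(SAMPLE_LINE) == parse_with_csv(SAMPLE_LINE)
```

Running the script prints a ready-to-paste filter block and the extracted fields. Because every unwanted column is matched as `"[^"]*"`, the generated pattern is anchored to exactly 42 columns and fails to match (grok would tag `_grokparsefailure`) on lines with a different column count, which is a useful sanity check but also the reason a field containing an escaped quote would break the grok version while the csv filter still parses it.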