Hi,
i have logs in the format
[2017-01-13 21:21:03,956][WARN ][index.search.slowlog.query] [Yaswanth] [bank][0] took[28.9ms], took_millis[28], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[], extra_source[],
when i send it to .csv file it is showing like this ,because the default separator is ","
[2017-01-13 21:21:03 --column 1
956][WARN ][index.search.slowlog.query] [Yaswanth] [bank][0] took[28.9ms] --column 2
took_millis[28] --column 3
types[] --column4
stats[] --column 5
search_type[QUERY_THEN_FETCH] --column 6
total_shards[5] --column 7
source[] --column 8
extra_source[] --column 9
But what i want is the content that is in "[ ]" .
2017-01-13 21:21:03,956 column1
WARN column 2
index.search.slowlog.query column 3
and so on.. column ......
Even i tried giving
csr {
separator => "[ ]"
}
But nothing worked..
Can anyone help me on this?
Thanks