Why is this (specific) mutate not working?

Dennis_Bohs · February 18, 2020, 9:45am

Thanks for all the help Fabio. Here is what i got first, when i disabled all the filters:

without filter: 

 "offset" => 165445593
 },
 "input" => {
 "type" => "log"
 },
 "@timestamp" => 2020-02-18T09:29:24.250Z,
 "agent" => {
 "hostname" => "dehze01-lsv841.sec.rhs.zz",
 "id" => "aa2e58b6-128b-4d55-85b1-b86f8aafdc69",
 "ephemeral_id" => "7983974d-89a0-4c27-8e7c-fe4b63984049",
 "type" => "filebeat",
 "version" => "7.6.0"
 },
 "message" => "2020-02-18 10:29:23,953 INFO  [de.rhenus.projects.bp2009.webservice.CxmlWebservice] (default task-78) CxmlWebservice getting response: <cXML payloadID=\"350604@PCH\" xml:lang=\"en\" timestamp=\"2020-02-18T10:29:23+01:00\">\n  <Response>\n    <Status code=\"200\" text=\"OK\"/>\n  </Response>\n</cXML>",
 "fields" => {
 "env" => "ekp",
 "stage" => "prod"
 },
 "host" => {
 "name" => "foo-hostname"
 },
 "tags" => [
 [0] "beats_input_codec_plain_applied"
 ]
 }
 {
 "@version" => "1",
 "ecs" => {
 "version" => "1.4.0"
 },
 "host" => {
 "name" => "foo-name"
 },
 "log" => {
 "file" => {
 "path" => "/somewhere/server.log"
 }

after that i reenabled the filters and got this:

 {
 "host" => {
 "name" => "foo-name"
 },
 "fields.message" => "Show Replace PunchoutArtikel : 0 - showPunchOutReplacements: TRUE",
 "ecs" => {
 "version" => "1.4.0"
 },
 "fields" => {
 "env" => "ekp",
 "stage" => "prod"
 },
 "message" => "2020-02-18 10:20:18,408 INFO  [de.rhenus.projects.bp2009.bean.abstr.AbstractBean] (default task-4) Show Replace PunchoutArtikel : 0 - showPunchOutReplacements: TRUE",
 "log" => {
 "offset" => 164745523,
 "file" => {
 "path" => "/somewhere/server.log"
 }
 },
 "tags" => [
 [0] "beats_input_codec_plain_applied"
 ],
 "fields.loglevel" => "info",
 "fields.thread" => "default task-4",
 "agent" => {
 "version" => "7.6.0",
 "id" => "aa2e58b6-128b-4d55-85b1-b86f8aafdc69",
 "hostname" => "dehze01-lsv841.sec.rhs.zz",
 "ephemeral_id" => "7983974d-89a0-4c27-8e7c-fe4b63984049",
 "type" => "filebeat"
 },
 "fields.loggername" => "[de.rhenus.projects.bp2009.bean.abstr.AbstractBean]",
 "@version" => "1",
 "@timestamp" => 2020-02-18T09:20:18.408Z,
 "input" => {
 "type" => "log"
 }
 }

if i am not blind, this looks fine, right?

Topic		Replies	Views
Some problem of if and mutate in logstash filter Logstash	7	510	June 5, 2018
Logstash mutate not working Logstash	6	1540	July 6, 2017
Mutate \| Some logs are parsed some not Logstash	6	334	February 28, 2019
Logstash mutate replace filter fails Logstash	5	818	November 28, 2019
Logstash mutate filter, rename - "Exception in filterworker", "exception"=>#<IndexError: string not matched> Logstash	6	3171	July 6, 2017

Why is this (specific) mutate not working?

Related topics