Julio
Reputation: 2523
logstash, generate multiple fields from multiple match
I would like to industrialise the creation of fields based on a multiple match regex. My log message has this format:
TIMESTAMP| KEY1 VALUE1: KEY2 VALUE2: KEY3 VALUE3: description
I would like to know if there is a way to create thanks to a generic match the fields:
KEY1=VALUE1, KEY2=VALUE2, KEY3=VALUE3
The goal is to have a generic logstash filter. If I had a new key value in the log, I will not have to change the logstash configuration.
Upvotes: 0
Views: 1194
Answers (1)
Alcanzar
Reputation: 17155
There is a kv filter that can parse key=value type of things automatically. If you want to parse in the format above, you'll need to resort to ruby code such as in this question/answer: Logstash grok filter - name fields dynamically
Upvotes: 1
Related Questions
- Logstash - add new field by multi condition
- Logstash define field within a field
- Logstash create nested field
- Logstash explode string to array with keys
- How to split the custom logs and add custom field name in each values on logstash
- logstash name fields dynamically
- logstash parse dynamically json to add new fields in the output
- Match multiple field names in logstash mutate filter
- Logstash : how to output a selection of fields
- Logstash, how to handle a field with sub fields