red888
Reputation: 31652
How does the logstash kv{} filter plugin work?
I wanted to extract url query params and as per this forum answer I was able to do it with kv{}
But I want to understand how this works.
Here is my string: param1=val1¶m2=val2&adv=val3¶m3=val4¶m4=val5
Now I have that field extracted in logstash as uri_query.
So then I use kv like this:
kv {
source => "uriQuery"
field_split => "&"
prefix => "query_"
}
And I get fields for each query param:
query_param1 val1
query_param2 val2
etc
But what I don't understand is how it knows to strip out and break on the "=". Is that like the default token for kv's key=value syntax or something?
Upvotes: 0
Views: 2176
Answers (1)
Related Questions
- Logstash - kv filter ignored
- Logstash use in kibana
- how to use elapsed filter- logstash
- Recursive not working in kv filter in logstash
- Logstash issue with KV filter
- logstash Custom Log Filter for Apache Logs
- Understanding ELK Analyzer
- How do logstash configs work
- Accessing key using kv filter in logstash
- kv filter in logstash