Robot Jung
Reputation: 397
Elastic search's Logstash Mutate Split is not working
I'm having trouble splitting the string type field(target) in logstash.
"log" => {
"address" => "0.0.0.1",
"target" => "hello.exe - PID: 3005 - Module: nthdll.dll"
}
I try to divide by "-" and this is my code :
mutate {
copy => { "[log][target]" => "targetList" }
split => { "targetList" => "-" }
}
but it is not working, "targetList" is copied, but the splits are not working.
"targetList" => "hello.exe - PID: 3005 - Module: nthdll.dll"
Please give me some advice.
Upvotes: 0
Views: 390
Answers (1)
Badger
Reputation: 4072
mutate does operations in a fixed order, and split comes before copy, so the targetList field does not exist at the point when the split runs. Split it into two mutates
mutate { copy => { "[log][target]" => "targetList" } }
mutate { split => { "targetList" => "-" } }
Please tag this as answering your problem if it solves your problem.
Upvotes: 1
Related Questions
- Elastic's Logstash Mutate Split not working
- LogStash: Convert to integer in mutate has no effect
- How to use Logstash split with field
- Logstash not working with elastic
- Logstash split filter
- Logstash split root message
- Logstash : Mutate filter does not work
- Logstash - find length of split result inside mutate
- Logstash - how do I split an array using the split filter without a target?
- logstash + elasticsearch | bug?