Home > database >  How to replace a pattern after specific character in logstash message
How to replace a pattern after specific character in logstash message

Time:02-03

I have a message like this :

`The is my sample HMAC message`HMAC HMAC HMAC

I want to replace this to :

`The is my sample HMAC message`

I have tried below code but it replaces all occurrences of HMAC:

mutate {
                    gsub => [ "message", "HMAC", "" ]
                  }

I only want the pattern to be replaced after `. How can I achieve this in logstash using gsub?

CodePudding user response:

You can use grok.

filter {
  grok {
    match => { "message" => "`%{DATA:my_field_name}`" }
  }
}

the output will be:

{
  "my_field_name": "The is my sample HMAC message"
}

To test you can use kibana grok debugger (see screenshot) or you can use enter image description here

EDIT: You can create a new field with quotes intact.

mutate {
    add_field => { "my_new_field" => "`%{[my_field_name]}`" }
}

Page link:https//www.codepudding.com/database/690926.html

Prev:Elasticsearch - How to get the latest record in each group with filter?
Next:MongoDB get specific key from document based on given value
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding