This repository has been archived by the owner on Jan 31, 2024. It is now read-only.
Logstash Dissect key modifier not working #12
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi There,
I am writing pattern in logstash version 7.10.2 or 7.15.2 for my log having different lines of pattern using Dissect filter with its key Modifier-> to remove space or spaces as per the log line before the next delimiter. But the Modifier-> is not working. Any suggestions? Please help
My log line is like below:
2020-07-03 14:49:02,003 INFO [org.jboss.as.ee] (MSC service thread 1-2) Configuring component class
2021-06-09 02:21:42,303 DEBUG [org.jboss.as.ee] (ServerService Thread Pool -- 56) Activating EE subsystem
My filter pattern with Dissect is like below:
filter {
dissect {
mapping => { "message" => "%{logtime} %{+logtime} %{loglevel->} [%{modulename}] (%{thread}) %{logmessage}" }
}
date {
match => ["logtime", "ISO8601", "YYYY-MM-dd HH:mm:ss,SSS"]
}
mutate {
remove_field => ["path", "message"]
}
}
I have two spaces after log level INFO and 1 space after log level DEBUG. So trying to use -> Modifier
Using grok I can get it working but want to know why is the Dissect Key Modifier -> failing and saying pattern not found.
Please help
Thanks!
The text was updated successfully, but these errors were encountered: