'Logstash KV filter help needed
I am trying to write a logstash configuration for the following log entry.
102.89.98.123,-,"[04/Jun/2018:12:36:44 -0400]",?q=
(AggrDept:John%20OR%20AggrBeept:Smith)&fq=EmployeeNumber:
(12345)&fq=PersonIDCd:M&fq=PersonStatusCd:
(1%20OR%203)&AppCode=1234&wt=json&indent=true&rows=2
I have successfully extracted all the parameters into their own fields. I have extracted
?q=(AggrDept:John%20OR%20AggrBeept:Smith)&fq=EmployeeNumber:
(12345)&fq=PersonIDCd:M&fq=PersonStatusCd:
(1%20OR%203)&AppCode=1234&wt=json&indent=true&rows=2
in it's own field called "keys"
I want the following output
AggrDept:John
AggrBeept:Smith
EmployeeNumber:12345
PersonIDCd:M
PersonStatusCd:[1,2,3]
AppCode:1234
wt:json
indent:true
rows:2
I used the KV filter
`kv{
source => "keys"
field_split => "&"
value_split => ":"
}`
However, I am not getting the desired result. Any help will be appreciated.
Thanks
Solution 1:[1]
Possibly add
include_keys => [
"AggrDept",
"AggrBeept",aso...
]
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jeremy Caney |