Home Ask Login Register

Developers Planet

Your answer is one click away!

Jim February 2016

logstash split message from log4net into two fields

We are new to using logstash and are parsing log4net messages. In the message field currently we have a string output as

Some random application name - Some random message

I tried to use the gsub => ["message", "-", "App Name"] but it just changed the string and not add it as a new field. What is the best way to get the application name as a new field and remove it from the message field?

Thank you in advanced for your help.

Answers


Alain Collins February 2016

How about grok{} with this pattern:

   %{DATA:app} - %{GREEDYDATA:otherStuff}

Post Status

Asked in February 2016
Viewed 3,417 times
Voted 7
Answered 1 times

Search




Leave an answer


Quote of the day: live life