logstash, generate multiple fields from multiple match

Question

I would like to industrialise the creation of fields based on a multiple match regex. My log message has this format:

TIMESTAMP| KEY1 VALUE1: KEY2 VALUE2: KEY3 VALUE3: description

I would like to know if there is a way to create thanks to a generic match the fields:

KEY1=VALUE1, KEY2=VALUE2, KEY3=VALUE3

The goal is to have a generic logstash filter. If I had a new key value in the log, I will not have to change the logstash configuration.

score 1 · Accepted Answer · edited May 23 '17 at 11:51

1

There is a kv filter that can parse key=value type of things automatically. If you want to parse in the format above, you'll need to resort to ruby code such as in this question/answer: Logstash grok filter - name fields dynamically

edited May 23 '17 at 11:51

Community

1
1

answered Aug 21 '14 at 14:12

Alcanzar

16,985
6
42
59

Thank you the solution fits my need – Julio Aug 21 '14 at 14:39

logstash, generate multiple fields from multiple match

1 Answers1