TechQA.

Logstash Grok Filter Spit and put in seperate buckets in Elastic Index

146 views Asked by At

Hi I have a log line say like"APPLE" AND "BANANA" AND "MANGO" OR "GRAPES"

I want it to mutate like and split to put in elastic , so elastic should have a equivalent as

options{
    fruits :{
        'APPLE','BANANA','MANGO','GRAPES'
    },
    operators{
        'AND' ,'AND','OR'
    }
}

Is it possible to apply split and put under separate buckets as fruits and operators.

java logstash grok logstash-grok
Original Q&A
1

There are 1 answers

0
Alain Collins On

If the problem is "quoted string followed by unquoted string, repeating", I would drop into a ruby{} filter, split on space, examine each word to determine if it's quoted or not, and process as needed.

If not, please expand on your question.

Related Questions in JAVA

Related Questions in LOGSTASH

Related Questions in GROK

Related Questions in LOGSTASH-GROK

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions