Logstash Contd…
- Usage of Filter Plugins will help in transforming data.
- We can
- add fields
- remove fields
- add tags
- break field into multiple fields
- mutate filter plugin: Refer Here
- mutate plugin can perform some mutations like converting cases, substituting fields, add fields, split fields etc .
- Refer Here for the basic usage of mutate plugin
- Grok filter plugin suits the purpose of parsing a log message into multiple fields. Refer Here
Grok Filters
- Refer Here for the sample grok filter applied to apache log
- Grok filter matches patterns, There are some predefined patterns Refer Here
- To understand grok better we need grok debugger Refer Here
- In grok we have basic patterns
- WORD
- NUMBER
- LOGLEVEL
- When you write a grok pattern whatever is left is GREEDY DATA
- In Grok Patterns we can directly write regular expressions
- Regular expression patterns: Refer Here
- To test regex Refer Here
- Basic expresssions
\d\w\s\S.+*{3}
