Hi Shrawan, since you've asked this question multiple times already ( https://groups.google.com/d/msg/graylog2/Qev2klwPmGQ/o0bTaXuyAwAJ, https://groups.google.com/d/msg/graylog2/G7Z3yOiqrn8/e0ISsyEuAgAJ), you should consider buying professional support at https://www.graylog.org/professional-support.
Other than that, please direct questions about Logstash to https://discuss.elastic.co/c/logstash. Cheers, Jochen On Tuesday, 7 February 2017 16:29:28 UTC+1, Shrawan Bhagwat wrote: > > Hi All, > > We do have JSON data in the form > { > "data": [ > > { > "appName": "DemoApp", > "appVersion": "1.1", > "deviceId": "1234567", > "deviceName": "moto e", > "deviceOSVersion": "5.1", > "packageName": "com.abc.DemoApp", > "message": "testing null pointer exception", > "errorLog": "null pointer exception" > }, > > { > "appName": "DemoApp", > "appVersion": "1.1", > "deviceId": "1234567", > "deviceName": "moto e", > "deviceOSVersion": "5.1", > "packageName": "com.abc.DemoApp", > "message": "testing illegal state exception", > "errorLog": "illegal state exception" > } > ] > } > > We want to split data into separate messages and different fields like > appName, appVersion etc. > My queries: > i) We use Split filter to split it into different fields and we are > getting "data_appName" as field name instead of "appName"! how to change > this field to "appName" etc without data_ prefix > ii) Message field contains both data not single data. how to split message > field? > > filter in config file: > > filter{ > json { > source => "message" > } > > mutate { gsub => [ "message", "},", "shr" ] } > split { > terminator => "shr" > field => "data" > } > > > Please guide for both queries. > > Regards, > Shrawan > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/81aa5782-5327-4266-b6ec-235b166abf8d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
