We are new to using logstash and are parsing log4net messages. In the message field currently we have a string output as
Some random application name - Some random message
I tried to use the gsub => ["message", "-", "App Name"] but it just changed the string and not add it as a new field. What is the best way to get the application name as a new field and remove it from the message field?
Thank you in advanced for your help.
How about grok{} with this pattern:
%{DATA:app} - %{GREEDYDATA:otherStuff}