I have Logstash reading in a CSV file, which contains a field my_id, and is an 8-digit string made up of numbers.
I'd like the output file to have 2 fields in place of my_id. One named id_start which will be the first 6 digits and id_end which will be the last 2 digits.
example: my_id: 12345678 would become id_start: 123456 and id_end: 78
I'm very new to Logstash but I've been reading around and I think I need to use a grok filter to do this - my attempt to create the first field so far has not worked:
filter {
grok {
match => ["id_start", "(?<my_id>.{6})"]
}
}
I'm also finding it quite hard to find good examples on this sort of thing, so any help would be appreciated!
You can use ruby filter and write custom ruby code like:
filter {
ruby {
code => "
event['id_start'] = event['my_id'][0..6]
event['id_end'] = event['my_id'][6..8]
"
}
}