How do I add new fields from a field in Logstash filter?
Example:
field1 => '192.168.0.131 abcd 123'
Final result:
field1 => '192.168.0.131 abcd 123'
srcip => '192.168.0.131'
word => 'abcd'
number => '123'
Thank you!
You can use grok to parse the results of a previous grok; just add another filter into your filter chain.
For example:
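grok {
  # Extract the IP, word and number from field1 into new fields
  match => { "field1" => "%{IP:srcip} %{WORD:word} %{NUMBER:number}" }
  # Drops the original field on a successful match; omit this line to keep field1
  remove_field => ["field1"]
}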
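
A self-contained test pipeline for the grok approach in the answer above, added here as an example and not part of the original post. The generator input, the copy into field1 and both sample lines are assumptions made for testing; the second line is constructed to show what a non-matching event looks like.

```logstash
# Added example: test pipeline with constructed sample lines (not from the original post).
input {
  generator {
    # Constructed inputs: one well-formed line, one that should not match.
    lines => [
      "192.168.0.131 abcd 123",
      "not-an-ip abcd 123"
    ]
    count => 1
  }
}

filter {
  # The generator input puts each line in "message"; copy it to field1
  # so the filter sees the same field name as in the question.
  mutate { copy => { "message" => "field1" } }

  grok {
    # ^ and $ anchor the pattern so the whole field must match.
    # The ":int" suffix stores number as an integer instead of a string.
    match => { "field1" => "^%{IP:srcip} %{WORD:word} %{NUMBER:number:int}$" }
    # field1 is kept, as in the question's final result.
    # Events that do not match get this tag (the grok default).
    tag_on_failure => ["_grokparsefailure"]
  }
}

output {
  # Print every event with all of its fields for inspection.
  stdout { codec => rubydebug }
}
```

Run it with `logstash -f` pointing at the saved file: the first event carries srcip, word and number alongside field1, while the second gains only the `_grokparsefailure` tag.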