logstashlogstash-grok
Grok parsing negative numbers into Kibana custom fields
Been banging my head against the wall over this - started out with logstash and Grok 2 days ago and made a bit of progress but i've been stuck looking at this particular problem all evening.
I have the following lines of input from a log file being ingested into logstash.
'John Pence ':'decrease':-0.01:-1.03093: 0.96: 0.97
'Dave Pound':'increase':0.04:1.04000: 0.97: 0.93
With the following grok filter matches:
match => { "message" => "%{QS:name}:%{QS:activity}:%{BASE16FLOAT:Change}:%{BASE16FLOAT:Percentage}: %{BASE16FLOAT:CurrentPrice}: %{BASE16FLOAT:PreviousPrice}" }
match => { "message" => "%{QS:Name}:%{QS:Activity}:-%{BASE16FLOAT:Change}:-%{BASE16FLOAT:Percentage}: %{BASE16FLOAT:CurrentPrice}: %{BASE16FLOAT:PreviousPrice}" }
This produces the following output in Kibana:
As you can see - I can't get the negative numbers to display correctly, how would one correctly show the minus sign in a grok filter? Would greatly appreciate some help!
Solution
You can simply use the NUMBER grok pattern instead of BASE16FLOAT
The following grok pattern works perfectly on your input:
grok {
"match" => {"message" => "%{QS:name}:%{QS:activity}:%{NUMBER:Change}:%{NUMBER:Percentage}: %{NUMBER:CurrentPrice}: %{NUMBER:PreviousPrice}"}
}
- How can I check nulls in Logstash pipeline in filter plugin?
- How to input a JSON file (array form) in Logstash?
- Log4J JsonTemplateLayout replacing message content
- logstash error: java.net.SocketException: Connection reset
- logstash keep both raw data and aggregated data
- Logstash Elasticsearch output plugin creates a single document index in Elasticsearch
- Index pattern is not showing up in Kibana management
- Problems with updating :sql_last_value
- Logstash stopped processing because of an error: (SystemExit) exit org.jruby.exceptions.SystemExit
- Logstash main class JvmOptionsParser not found / cannot load
- How to Send Structured Logs to ELK Stack with Custom Fields Using Python Logging?
- Querying keyword field in Logstash
- ELK index name doesn't change on rollover on the next day
- Grok pattern for [Mon Jan 04 08:36:12 2021]
- Ingesting SQL Server ErrorLog using Filebeat with the mssql module
- logstash unable to connect to elasticsearch
- How to discard the Duplicate values in ElasticSearch using DSL Query?
- Logstash Expected one of
- How can I manually trigger timing jdbc input in logstash?
- Error: exec /usr/local/bin/docker-entrypoint: permission denied for Logstash container on Podman
- Elasticsearch - Logstash Grok new field date formate is string and not date
- http.host: 0.0.0.0 - ERROR lookup logstash : no such host
- How to have an input of type MongoDB for Logstash
- Syncing PostgreSQL with ElasticSearch
- Problem with Logstash-Plug in-JMS and Weblogic 12.2.1
- Logstash Split Issue
- Logstash not responding at container image of kibana and logstash
- How to mention certificate in logstash/eck on kubernetes
- Kafka Connect Logstash
- How to add field for logsstream from specific name in elasticserach logstream