I have an industrial system producing log files where some of the lines look like this:
component1 v1 component2 v2 component3 v3 ...
Where vx is a numerical value (e.g. 3.14159).
I'm running a super basic ELK stack and I would like to extract these as field/value.
I don't know how/where to attack the problem. Is that a Logstash configuration that should be done to extract fields from single lines?
That's evil.
The kv filter won't work here, because the key=value separator is the same as the one separating the tuples. If the lines are consistent, grok may be your saving grace. But if the order of the components changes, that gets very tricky, very quickly.
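An order-independent alternative to a fixed grok pattern, as an added example that is not part of the original question or answer: pair the tokens positionally (name, value, name, value) and validate each value. It assumes whitespace-separated tokens and component names without spaces; the function name and sample lines are constructed, and the same logic could sit in a Logstash ruby filter that reads the line with event.get("message") and writes each pair with event.set.

```ruby
# Added example: pair alternating "name value" tokens from one log line.
# Assumptions (not from the original post): tokens are whitespace-separated,
# component names contain no spaces, and every value must parse as a number.

# Returns [fields, errors]: fields is a Hash of name => Float,
# errors lists why a line was only partially parsed.
def parse_component_line(line)
  tokens = line.to_s.split
  fields = {}
  errors = []

  # An odd token count means a name without a value (or a stray token),
  # so the line is flagged instead of being silently mis-paired.
  errors << "odd token count (#{tokens.length})" if tokens.length.odd?

  tokens.each_slice(2) do |name, raw|
    next if raw.nil? # trailing unpaired name, already reported above

    begin
      value = Float(raw) # strict: rejects "3.14abc", unlike String#to_f
    rescue ArgumentError
      errors << "non-numeric value for #{name}: #{raw}"
      next
    end

    if fields.key?(name)
      errors << "duplicate component #{name}"
      next
    end
    fields[name] = value
  end

  [fields, errors]
end

# Constructed sample lines (not real output from the system in the question).
SAMPLES = [
  "pump1 3.14159 valve2 0.5 motor3 1200",
  "motor3 1200 pump1 3.14159", # different order, same field names
  "pump1 3.14159 valve2",      # truncated line
  "pump1 abc valve2 0.5"       # value slot holds a non-number
].freeze

SAMPLES.each do |l|
  fields, errors = parse_component_line(l)
  puts "#{l.inspect} -> #{fields} #{errors}"
end
```

Lines that return a non-empty error list are worth tagging rather than dropping, so malformed or truncated records stay visible downstream.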