This app tries to parse a set of logfile samples with a given dissect tokenization pattern and return the matched fields for each log line.
Syntax compatible with Filebeat, Elasticsearch and Logstash processors/filters.
Beats v7.9 introduced a new feature that allows converting a field from a string (the only data type supported until now) into one of integer, long, float, double, boolean, or ip. This type conversion was usually delegated to a later step in your processing. To take advantage of this new feature, provide a valid type after the key, using | as a separator.
For example:
processors:
  - dissect:
      tokenizer: "%{key1} %{key2|integer}"
      field: "message"
      target_prefix: "dissect"
In this case key2 will be cast to an integer value. More information can be found in the official documentation.
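
The type conversion described above, as an added Python example (not code from this page or from Beats): it splits a line on the tokenizer's literal delimiters and converts each typed key. The names compile_tokenizer and dissect, the error handling and the sample lines are assumptions of this example, and dissect key modifiers are not handled.

```python
import ipaddress
import re

# Converters for the types listed above; Beats' exact parsing rules may differ.
CONVERTERS = {
    "integer": int, "long": int, "float": float, "double": float,
    "boolean": lambda s: {"true": True, "false": False}[s.lower()],
    "ip": lambda s: str(ipaddress.ip_address(s)),
}
KEY_RE = re.compile(r"%\{([^}|]+)(?:\|(\w+))?\}")


def compile_tokenizer(tokenizer):
    """Return (regex, [(key, type or None), ...]) for a tokenizer string."""
    parts, keys, pos = [], [], 0
    for m in KEY_RE.finditer(tokenizer):
        parts.append(re.escape(tokenizer[pos:m.start()]))  # literal delimiter
        parts.append("(.*?)")  # field value: everything up to the next delimiter
        if m.group(2) is not None and m.group(2) not in CONVERTERS:
            raise ValueError(f"unsupported type {m.group(2)!r}")
        keys.append((m.group(1), m.group(2)))
        pos = m.end()
    parts.append(re.escape(tokenizer[pos:]))
    return re.compile("^" + "".join(parts) + "$"), keys


def dissect(tokenizer, line):
    """Typed fields for one line; None if the line does not fit the pattern."""
    regex, keys = compile_tokenizer(tokenizer)
    m = regex.match(line)
    if m is None:
        return None
    fields = {}
    for (key, typ), raw in zip(keys, m.groups()):
        try:
            fields[key] = CONVERTERS[typ](raw) if typ else raw
        except (ValueError, KeyError):
            # This example's choice: fail loudly instead of keeping a bad value.
            raise ValueError(f"{key}: cannot convert {raw!r} to {typ}") from None
    return fields


# Constructed sample lines, not taken from any real log.
PATTERN = "%{src|ip} %{method} %{path} %{status|integer} %{took|float}"
SAMPLES = ["192.0.2.10 GET /login 401 0.125", "not a matching line"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(dissect(PATTERN, sample))
```

A line whose typed field cannot be converted, such as a status of abc, raises ValueError here, so a malformed value is not silently indexed as a string.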