This app tries to parse a set of logfile samples with a given dissect tokenization pattern and return the matched fields for each log line.
Syntax compatible with Filebeat, Elasticsearch and Logstash processors/filters.
Beats v7.9 introduced a new feature that allows converting a field from a string (the only data type supported until now) into one of integer, long, float, double, boolean, or ip. This type conversion step was usually delegated to a later step in your processing. To take advantage of this new feature you need to provide a valid type after the key using | as a separator. For example:

    processors:
      - dissect:
          tokenizer: "%{key1} %{key2|integer}"
          field: "message"
          target_prefix: "dissect"

In this case key2 will be cast to an integer value. More information can be found in the official documentation.
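
To see what the |type suffix does to a parsed line, here is a simplified sketch added for illustration; it is not code from this app or from Beats. It supports only plain %{key} and %{key|type} tokens with literal delimiters, and raising an error when a value does not convert is an assumption of the sketch, not a statement about how Beats handles that case.

```python
import ipaddress
import re

def _to_bool(s):
    if s.lower() in ("true", "false"):
        return s.lower() == "true"
    raise ValueError(f"not a boolean: {s!r}")

# Converters for the type names listed above; integer/long and float/double
# collapse to Python's int and float in this sketch.
CONVERTERS = {
    "integer": int, "long": int,
    "float": float, "double": float,
    "boolean": _to_bool,
    "ip": lambda s: str(ipaddress.ip_address(s)),
}

TOKEN = re.compile(r"%\{(\w+)(?:\|(\w+))?\}")

def compile_tokenizer(pattern):
    """Turn a dissect pattern into (compiled regex, {key: type or None})."""
    types, parts, pos = {}, [], 0
    for m in TOKEN.finditer(pattern):
        parts.append(re.escape(pattern[pos:m.start()]))  # literal delimiter
        key, typ = m.group(1), m.group(2)
        if typ is not None and typ not in CONVERTERS:
            raise ValueError(f"unsupported type {typ!r} for key {key!r}")
        types[key] = typ
        parts.append(f"(?P<{key}>.*?)")  # value runs up to the next delimiter
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("^" + "".join(parts) + "$"), types

def dissect(pattern, line):
    """Return the matched fields with types applied, or raise ValueError."""
    regex, types = compile_tokenizer(pattern)
    m = regex.match(line)
    if m is None:
        raise ValueError("line does not match tokenizer")
    return {key: CONVERTERS[types[key]](raw) if types[key] else raw
            for key, raw in m.groupdict().items()}

if __name__ == "__main__":
    # Constructed sample lines, not taken from the page.
    for sample in ["GET 200", "GET 2OO"]:
        try:
            print(sample, "->", dissect("%{key1} %{key2|integer}", sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

The second sample line contains the letter O instead of zeros, so it matches the tokenizer but fails the integer conversion. Typing fields at parse time surfaces malformed values like this before they are indexed as strings.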