| # Get rid of color codes | |
| mutate { | |
| gsub => ["message", "\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]", ""] | |
| } |
Thanks!
really usefull thanks
Thanks
Also removed @ from @message for compatibility with newer logstash versions. Otherwise, works perfectly. Thanks!
This also strips text in between
EDIT: turns out to be my bad. :) This works fine!
I've been looking for this for hours, thanks!
Thanks!
As mentioned in previous comments, I had to remove the @ to get it working on Logstash 6.4.2.
How does this work though ?
How does this work though ?
Well it literally removes ANSI color codes from the message field with gsub.
works like a charm.
I tried with this example but seems not working for me.
My log example : " [2m2022-06-06 10:16:41.057[0;39m [32m INFO[0;39m [35m11219[0;39m [2m---[0;39m [2m["
My filter section is given below
filter {
mutate {
gsub => ["message", "\x1B[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]", ""]
}
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:date}%{SPACE}%{GREEDYDATA:rest}" remove_field => ["message"] }
}
date {
match => ["date", "ISO8601"]
target => "date_object"
}
ruby{
code =>'event.set("@timestamp", event.get("date_object").to_i)'
}
}
FYI to get this to work I needed to pull out the
@but thanks!