Delete specific data from message field

Hello, I need to delete specific data from the message.
My message box starts like this:
<188>date=2023-05-25 time=10:05:24
I need to delete “<188>” from the message field.
How can I do this?

I would use a grok pattern in a pipeline rule to strip out 188 and set fields for date and time, or combine them if needed. Others may prefer a regex pattern, but I am more handy with Grok.

Can you show your grok pattern?

I don’t have one for this specific log, but here’s one that should work:

<%{INT:number}>date=%{YEAR:Year}-%{MONTHNUM:Month}-%{MONTHDAY:Day} time=%{TIME:time}

If you want the date as a whole timestamp, you can play around with the GROK formats, or re-assemble it later.

You may also be able to use key/value functions if the logs are consistent in this format. Good luck!
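As an added example (not from the original posts, and not pipeline-rule code), this Python script applies the regex and key/value approaches mentioned above offline, so the pattern can be checked against sample lines before it goes into a rule. It goes one step further than the thread by decoding the leading number as a syslog PRI (facility * 8 + severity) before removing it; the field names `syslog_pri`, `syslog_facility`, `syslog_severity` and `timestamp` are assumptions, and the sample lines are constructed.

```python
import re

# Leading syslog PRI: "<" + 1-3 digits + ">", anchored at the start only,
# so a "<188>" that appears later in the message body is never touched.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; a value is either "quoted" or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]


def strip_pri(message):
    """Return (cleaned_message, fields); input without a valid PRI passes through unchanged."""
    m = PRI_RE.match(message)
    if not m:
        return message, {}
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return message, {}
    fields = {
        "syslog_pri": pri,                      # hypothetical field names
        "syslog_facility": pri // 8,
        "syslog_severity": SEVERITIES[pri % 8],
    }
    return message[m.end():], fields


def parse_message(message):
    """Strip the PRI, then extract key=value pairs and build one timestamp field."""
    cleaned, fields = strip_pri(message)
    for key, value in KV_RE.findall(cleaned):
        fields[key] = value.strip('"')
    if "date" in fields and "time" in fields:
        fields["timestamp"] = f'{fields["date"]}T{fields["time"]}'
    fields["message"] = cleaned
    return fields


if __name__ == "__main__":
    # Constructed samples: the first starts like the line in the question; devname is made up.
    for line in ['<188>date=2023-05-25 time=10:05:24 devname="fw01"',
                 'date=2023-05-25 time=10:05:24 note="value <188> stays"',
                 '<999>not a valid PRI']:
        print(parse_message(line))
```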
