useragent {
source => "agent"
target => "ua"
remove_field => [ "agent", "[ua][patch]", "[ua][build]" ]
}
grok {
patterns_dir => "/usr/local/logstash/config_file/patterns"
match => { "message" => "%{TIME_STAMP_A:logtime}\s+\[\s*%{APP_NAME:appname}\s*\]\[\s*%{LOG_LVL:loglvl}\s*\]\s+\[\s*%{PROCESS_ID:pid}\s*\]\s+\[\s*%{PROCESS_NAME:pname}\s*\]\s+\[\s*%{TRACE_ID:traceid}\s*\]\s+\[\s*%{SPAN_ID:spanid}\s*\]\s+\[\s*%{SPAN_EXPORTABLE}\s*\]\s+---\s+\[\s*%{CLASS_PATH:classpath}\s*\]\s+\[\s*%{METHOD_NAME:methodname}\s*\]\s+\[\s*%{CODE_LINE:codeline}\s*\]\s+:\s+%{CONTENT}" }
remove_field => ["agent", "cloud", "ecs", "input", "[host][architecture]", "[host][containerized]", "[host][id]", "[host][os]", "[host][hostname]"]
}
