Logstash grok filter help - hexedecimal?

Question

Ok im fishing out, amongst other things, the first segment of a unique ID from a log line with a grok filter, like this (Its only the first segment that I care about, throw away the rest). This segment is hex ,and I want it in binary.

The line:

Transaction: 000178ec-XXXX-XXXX-XXXX-XXXXXXXXXXXX

The filter is like :

Transaction: %{BASE16NUM:transaction_id}-%{GREEDYDATA:otherpartsidontcareabout}

But it just gives me this result:

{
  "transaction_id": [
  [
    "000178ec"
  ],
  "otherpartsidontcareabout":
  [
    "XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ]]
}

Where I had expected it to be transformed into decimal:

{
  "transaction_id": [
  [
    "96492"
  ],
  "otherpartsidontcareabout":
  [
    "XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  ]]
}

Am I doing this wrong? Im really stuck.

score 5 · Accepted Answer · edited May 04 '17 at 15:13

5

BASE16NUM just indicates the pattern of the text. To convert it to an integer you are going to have to do something like this:

filter { 
  ruby { 
    code => "event['transaction_id'] = event['transaction_id'].hex"
  } 
}

or for logstash 5

filter { 
  ruby { 
    code => "event.set('transaction_id', event.get('transaction_id').hex)" 
  } 
}

edited May 04 '17 at 15:13

OrangeDog

36,653
12
122
207

answered Sep 11 '14 at 16:40

Alcanzar

16,985
6
42
59

Thanks, Ill try this tomorrow morning. – user49411 Sep 11 '14 at 18:46

Logstash grok filter help - hexedecimal?

1 Answers1