[elk@node01 conf]$ cat t4.conf
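input {
  # Read events line by line from the terminal.
  stdin {}
}

filter {
  # Capture the first IP address or hostname found in the line into "xxxx".
  # NOTE(review): IPORHOST also accepts bare hostnames and is not anchored, so
  # most non-empty lines match; if the field is meant to hold only an address,
  # an anchored %{IP} would be stricter -- confirm intent.
  grok {
    match => { "message" => "%{IPORHOST:xxxx}" }
  }

  # Drop the raw line and the collecting host only after a successful parse.
  # When grok fails it tags the event with _grokparsefailure; keeping "message"
  # and "host" on those events preserves the original line and its source for
  # triage instead of emitting an event with nothing left to investigate.
  if "_grokparsefailure" not in [tags] {
    mutate {
      # One array instead of two separate remove_field settings.
      remove_field => ["message", "host"]
    }
  }
}

output {
  # Pretty-print each event to the terminal for inspection.
  stdout {
    codec => rubydebug
  }
}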
[elk@node01 conf]$ logstash -f t4.conf
Settings: Default pipeline workers: 4
Pipeline main started
2.2.2.2
{
"@version" => "1",
"@timestamp" => "2018-07-31T00:11:59.727Z",
"xxxx" => "2.2.2.2"
}
[elk@node01 conf]$ cat t4.conf
input {
  # Read events line by line from the terminal.
  stdin {}
}

filter {
  # Capture the first IP address or hostname found in the line into "xxxx".
  # No fields are removed here, so the raw "message" and the "host" that
  # received the line stay on the event alongside the extracted value.
  grok {
    match => { "message" => "%{IPORHOST:xxxx}" }
  }
}

output {
  # Pretty-print each event to the terminal for inspection.
  stdout {
    codec => rubydebug
  }
}
[elk@node01 conf]$ logstash -f t4.conf
Settings: Default pipeline workers: 4
Pipeline main started
3.3.3.3
{
"message" => "3.3.3.3",
"@version" => "1",
"@timestamp" => "2018-07-31T00:12:44.786Z",
"host" => "node01",
"xxxx" => "3.3.3.3"
}