Remove Both Leading And Trailing Whitespace From Log Messages

Clean up log messages using text:trim() function

Query

flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] result{{Result Set}} repo --> 1 1 --> result
logscale
text:trim(message, as="cleaned_message")

Introduction

The text:trim() function can be used to remove whitespace from strings. When using the mode parameter with the default value both, it removes whitespace characters from both the beginning and end of the string. The as parameter specifies the name of the field where the trimmed result is stored.

In this example, the text:trim() function is used to clean up log messages that contain unnecessary whitespace at both ends, which commonly occurs in log files with inconsistent formatting or when messages are padded for alignment.

Example incoming data might look like this:

csv
"@timestamp","message","severity"
"2025-11-05T10:00:00Z"," Server status: OK ","INFO"
"2025-11-05T10:00:01Z"," Memory usage at 85% ","WARN"
"2025-11-05T10:00:02Z"," Disk space critical ","ERROR"
"2025-11-05T10:00:03Z"," Backup process started ","INFO"
"2025-11-05T10:00:04Z"," Connection pool: 50/100 ","DEBUG"
"2025-11-05T10:00:05Z"," Service health check completed ","INFO"

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] result{{Result Set}} repo --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    text:trim(message, as="cleaned_message")

    Creates a field named cleaned_message that contains the message text with both leading and trailing whitespace removed. The text:trim() function removes all whitespace characters from both ends of the string while preserving any whitespace between words. If no mode parameter is specified, it defaults to both. The as parameter specifies the output field name.

  3. Event Result set.

Summary and Results

The query is used to standardize log messages by removing all unnecessary whitespace from both ends of the messages, creating cleaner and more consistent log entries.

This query is useful, for example, to normalize log messages for pattern matching, improve readability, or prepare data for exports where consistent formatting is required.

Sample output from the incoming example data:

csv
"cleaned_message","message","severity"
"Server status: OK"," Server status: OK ","INFO"
"Memory usage at 85%"," Memory usage at 85% ","WARN"
"Disk space critical"," Disk space critical ","ERROR"
"Backup process started"," Backup process started ","INFO"
"Connection pool: 50/100"," Connection pool: 50/100 ","DEBUG"
"Service health check completed"," Service health check completed ","INFO"

Note that internal spaces between words are preserved, only the leading and trailing whitespace is removed.