Remove Leading Whitespace From Log Messages

Clean up log messages using the text:trim() function

Query

logscale
text:trim(message, mode=start, as="cleaned_message")

Introduction

The text:trim() function can be used to remove whitespace from strings. When using the mode parameter with value start, it removes only leading whitespace characters. The as parameter specifies the name of the field where the trimmed result is stored.

In this example, the text:trim() function is used to clean up log messages that contain unnecessary leading whitespace characters, making the data more consistent and easier to read.

Example incoming data might look like this:

@timestamplevelmessage
2025-11-05T10:00:00ZINFO     Starting application server
2025-11-05T10:00:01ZINFO     Database connection established
2025-11-05T10:00:02ZWARN     Invalid user credentials
2025-11-05T10:00:03ZERROR    Authentication service unavailable
2025-11-05T10:00:04ZINFO     User session created

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    text:trim(message, mode=start, as="cleaned_message")

    Creates a field named cleaned_message that contains the message text with leading whitespace removed. The text:trim() function with mode=start only removes whitespace characters from the beginning of the string, preserving any trailing spaces if they exist. The as parameter specifies the output field name.

  3. Event Result set.

Summary and Results

The query is used to standardize log messages by removing unnecessary leading whitespace that might have been introduced during logging.

This query is useful, for example, to improve log message readability and consistency, especially when dealing with logs from multiple sources that might format their messages differently.

Sample output from the incoming example data:

cleaned_messagelevelmessage
Starting application serverINFO     Starting application server
Database connection establishedINFO     Database connection established
Invalid user credentialsWARN     Invalid user credentials
Authentication service unavailableERROR     Authentication service unavailable
User session createdINFO     User session created

Note that internal spaces between words are preserved, only the leading whitespace is removed.