If you do not want to modify process_path then do not overwrite it:
    grok {
        match => { "process_path" => [
            "\\(?<process_name>[^\\]+)$",
            "/(?<process_name>[^/]+)$",
            ]
        }
    }