Hi guys,
i want to add new fields based on the information in hostname. Below the examples of what i need,
hostname=alfrdnsresolverfixed01
new fields: site=alfr, dns_type=fixed
hostname=boavdnsresolvermbbnat01
new fields: site=boav, dns_type=mbbnat
so site is the first 4 chars of hostname and dns_type is between dnsresolver and last 2 digits
thanks,
Use grok
grok { match => { "hostname" => "^%{WORD:site}dnsresolver%{WORD:dns_type}\d" } }
more simple than i thought.
@Badger \ d in the end what means? 1 digit, 1 or more digits, something else...?
\d means one digit. That may be followed by another digit or anything else. There is no need to match the entire field.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.