Hi guys,
i want to add new fields based on the information in hostname. Below the examples of what i need,
hostname=alfrdnsresolverfixed01
new fields: site=alfr, dns_type=fixed
hostname=boavdnsresolvermbbnat01
new fields: site=boav, dns_type=mbbnat
so site is the first 4 chars of hostname and dns_type is between dnsresolver and last 2 digits
thanks,
Use grok
grok { match => { "hostname" => "^%{WORD:site}dnsresolver%{WORD:dns_type}\d" } }
more simple than i thought.
@Badger \ d in the end what means? 1 digit, 1 or more digits, something else...?
\d means one digit. That may be followed by another digit or anything else. There is no need to match the entire field.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.