Hi, I'm trying to extract part of a field using RegEx and create a new field with the extracted text. i.e string = alert message|User: johnc |Host: test |Event type: test capture = johnc RegEx example : User: ([^|{1}]+)\s Result: johnc I know the regex I need, but not which method I…

Create a new field using Regular Expressions

Badger July 10, 2018, 4:19pm 2

grok { match => { "message" => "User: (?<user>[^|{1}]+)\s" } }

will add a field called user.

6 Likes

Topic		Replies	Views
Extract a string from a field and create a new field with that string Logstash	2	10404	March 6, 2017
Add a new field based on a regex capturing group Logstash	2	6541	July 6, 2017
Add new field data using Regex Logstash	3	900	June 4, 2020
Create new field from existing field using REGEX Logstash	4	1160	November 21, 2019
How to extract the fields using regex? Elasticsearch	9	8328	July 5, 2017

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Create a new field using Regular Expressions

Related topics