Create new field from existing one

elasticforme · June 11, 2020, 7:54pm

Create new field with proper url content.

this path are sometime 10 level deep and sometime 20.

this is what I have

full_file_name:  /home/sachin/Tests/noise/spread/xspread/xspread_a_10_v1.tl.gz
project: sachin
file_name: xspread_a_10_v1.tl.gz


to new field 

url_file: 'http://server1/Projects/JMV3/less_file.php?project=sachin&act=multiview&path=%2F%2Fhome%2sachin%2FTests%2Fnoise%2Fspread%2Fspred%2F&files=xspread_a_10_v1.tl.gz'

seems like I have to add follwing in beginning of the path
http://server1/Projects/JMV3/less_file.php?project=%{project}&act=multiview&path=%2F

and then replace all / with %2F and add
%2F&File=%{file_name}

how do I do it?

elasticforme · June 11, 2020, 9:44pm

I have used grok and created this and it works.
actually this was old method where I needed %2F no more I can just pass the path with /

mutate {
add_field => { "file_url" => "http://server/Projects/JM/less_file.php?act=multiview&proj=%{project}&path=%{location}/&files=%{file_name}.gz" }
}

and from full path I got file_name
grok {
match => { "file_path" => "%{GREEDYDATA:api_class}" }
}
mutate {
# split the field on /
split => ["api_class" , "/"]
# save the last element of the array as the api_method.
add_field => ["file_name", "%{[api_class][-1]}" ]
}

grok { match => { "file_path" => "%{GREEDYDATA:location}(/%{DATA}.log)" } }

Topic		Replies	Views
Add new field using part of existing value Logstash	10	1875	June 25, 2020
Add field based on another Logstash	10	460	November 11, 2020
Updating an existing field using path data Logstash	6	232	April 18, 2023
Extract string from a field in logstash Logstash	8	5119	December 12, 2019
I have to concatenate below two fields Logstash	3	7340	May 17, 2019

Create new field from existing one

Related topics