hi,
I am trying to parse the file name from the source field without the path, I trid to do the following:
grok {
match => ["source", "%{GREEDYDATA}/%{GREEDYDATA}/%{GREEDYDATA:filename9}"]
#add_field => { "filename9" => "%{filename9}.gababa" }
}
I am getting only the filename (without the path - which is good) but twice. for example
myfile.log myfile.log
any idea?
Can we see the entire config?
Don't use multiple GREEDYDATA in a single expression. Please also show us what the data looks like in addition to the full config requested by Mark.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.