I would like to be able to use filter versions in Kibana like "app1<1.2.3" but I wasn't able to find how to do that.
So I thought maybe creating new fields like appname1_major, appname1_minor and appname1_patch.
But I can't manage to do it in Logstash.
I have no way of knowing which appname will be in the file; the version is always in the same format: 1.2.3
I managed to do it for only one field with grok but I can't do it for every field that might appear or not:
grok {
  match => { "app1" => "%{INT:app1_major}\.%{INT:app1_minor}\.%{INT:app1_patch}" }
}
This is ugly and takes more storage space but that's all I have for now.
Is there a good or better way to do this?
This regex matches the key name and each integer in the version.
But I don't know how to tell Logstash to create fields => value with this regex,
like ${key}_major => ${major}
I actually ended up with something like this (but yours is better)
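ruby {
  code => "
    # Walk a snapshot of the event so fields can be removed and added safely.
    event.to_hash.each do |key, value|
      # Only string values can be versions; skip numbers, timestamps, etc.
      next unless value.is_a?(String)
      if value =~ /^(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)$/
        # Drop the original string field before creating key.* fields.
        event.remove(key)
        event.set(key + '.full', value)
        event.set(key + '.major', $~[:major])
        event.set(key + '.minor', $~[:minor])
        event.set(key + '.patch', $~[:patch])
      end
    end
  "
}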
I still need to play with the remove event to remove the key or else I am not able to create key.major....
But this is working as I want and easy enough to understand.
@dadoonet no prefix, just "randomappname": "1.2.3"
I see. So if the value matches the regex, I'd just set the value to a field named version_[key] and use a dynamic template which matches any field where name starts with version_...
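Added example, not part of the original thread and not code from any poster: a plain-Ruby version of the splitting logic discussed above that stores the components as integers and also packs them into one number, so a filter like "app1<1.2.3" becomes a single numeric range. The event is modelled as a Hash, and the `sortable` field name, the `PART_LIMIT` of 1000 and the sample event are assumptions of this example.

```ruby
# Added example: runnable outside Logstash. Inside a ruby filter the same logic
# would read event.to_hash and write back with event.set / event.remove.
VERSION_RE = /\A(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)\z/

# Assumption: minor and patch stay below 1000, so the three parts pack into
# one integer that sorts in version order.
PART_LIMIT = 1000

def sortable(major, minor, patch)
  (major * PART_LIMIT + minor) * PART_LIMIT + patch
end

# Returns a new Hash in which every 'x.y.z' string value is replaced by
# full/major/minor/patch/sortable, with integer components.
def split_versions(fields)
  fields.each_with_object({}) do |(key, value), out|
    m = value.is_a?(String) ? VERSION_RE.match(value) : nil
    if m.nil?
      out[key] = value # not a version: keep untouched
      next
    end
    major, minor, patch = m[:major].to_i, m[:minor].to_i, m[:patch].to_i
    if minor >= PART_LIMIT || patch >= PART_LIMIT
      out[key] = value # cannot be packed safely: keep the raw string
      next
    end
    out[key] = {
      'full' => value, 'major' => major, 'minor' => minor, 'patch' => patch,
      'sortable' => sortable(major, minor, patch)
    }
  end
end

# Equivalent of the filter 'app < version' evaluated on the packed value.
def older_than?(doc, app, version)
  entry = doc[app]
  m = VERSION_RE.match(version)
  return false unless entry.is_a?(Hash) && m
  entry['sortable'] < sortable(m[:major].to_i, m[:minor].to_i, m[:patch].to_i)
end

# Constructed sample event (field names and values are made up).
SAMPLE = { 'host' => 'web-01', 'app1' => '1.2.10',
           'randomappname' => '1.10.0', 'port' => 8080 }.freeze
```

Comparing the raw strings would rank "1.10.0" below "1.2.3"; the integer fields avoid that ordering error.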