Extract a string from a field and create a new field with that string

Elastic Stack Logstash
1

Hi EveryBody,

I'm working with logstash grok to extract a string from a field.
Here is an example of the

"myfield":"  stringToExtract-instance 2017-02-06 05:48:25 INFO  XXXXXXXX"

I want to extract the stringToExtract from the field myfield.

I have given a try with

grok {
  match => [
    "myfield",
    "  <ValueOfNewField>[^-instance]"
  ]
]

For the custom field

filter {
  mutate {
    add_field => { "newField" => "ValueOfNewField" }
  }
}

Well the first part is no working. But I pretty sure that the second will work if the first part works.

Any help for configuring the first part will be appreciated.
Thanks.

2

My bad after reading https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html and experimenting on http://grokconstructor.appspot.com/do/match?example=1

I came out with the following config

filter {
  grok {
     match => [
        "message",
        "^\  (?<newField>[^\  ]+)\-instance"
     ]
  }
}

This even works out of the box, it extract and create a new field of name newField. That something like the following is added to the event.

"newField" : "stringToExtract",

Hope this helps someone.