jstar
(Josh Star Long)
February 6, 2017, 11:51am
1
Hi everybody,
I'm working with logstash grok to extract a string from a field.
Here is an example of the
"myfield":" stringToExtract-instance 2017-02-06 05:48:25 INFO XXXXXXXX"
I want to extract the stringToExtract from the field myfield.
I have given it a try with
grok {
  match => [
    "myfield",
    " <ValueOfNewField>[^-instance]"
  ]
}
For the custom field
filter {
  mutate {
    add_field => { "newField" => "ValueOfNewField" }
  }
}
Well, the first part is not working. But I'm pretty sure that the second will work if the first part works.
Any help for configuring the first part will be appreciated.
Thanks.
jstar
(Josh Star Long)
February 6, 2017, 2:41pm
2
My bad. After reading https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html and experimenting on http://grokconstructor.appspot.com/do/match?example=1
I came up with the following config:
filter {
  grok {
    match => [
      "message",
      "^\ (?<newField>[^\ ]+)\-instance"
    ]
  }
}
This even works out of the box: it extracts and creates a new field named newField. That is, something like the following is added to the event:
"newField" : "stringToExtract",
Hope this helps someone.
3 Likes
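
Added example, not part of the original posts: the two patterns from this thread checked with Ruby's Regexp, whose engine derives from the Oniguruma library that grok uses. The helper names and the two extra sample lines are constructed for illustration.

```ruby
# Value of "myfield" from the first post.
SAMPLE = ' stringToExtract-instance 2017-02-06 05:48:25 INFO XXXXXXXX'
# Constructed variants: a hyphenated name, and a value with no leading space.
HYPHENATED = ' my-service-instance 2017-02-06 05:48:25 INFO XXXXXXXX'
NO_LEADING_SPACE = 'stringToExtract-instance 2017-02-06 05:48:25 INFO XXXXXXXX'

# First attempt, verbatim. Without "(?" in front, "<ValueOfNewField>" is
# matched as literal text, so the pattern never matches the sample.
FIRST_ATTEMPT = Regexp.new(' <ValueOfNewField>[^-instance]')

# [^-instance] is a negated character class: exactly one character that is
# none of "-", i, n, s, t, a, c, e. It does not mean "text up to -instance".
NEGATED_CLASS = Regexp.new('[^-instance]')

# Working pattern from the second post, verbatim: a named capture of
# non-space characters that must be followed by "-instance".
WORKING = Regexp.new('^\ (?<newField>[^\ ]+)\-instance')

# Returns the named captures as a hash, or nil when nothing matches
# (in Logstash, a non-matching event is tagged _grokparsefailure).
def grok_like_match(pattern, value)
  pattern.match(value)&.named_captures
end

# Returns the first single character the negated class matches, or nil.
def first_class_hit(value)
  value[NEGATED_CLASS]
end

if __FILE__ == $PROGRAM_NAME
  p grok_like_match(FIRST_ATTEMPT, SAMPLE)
  p grok_like_match(WORKING, SAMPLE)
  p grok_like_match(WORKING, HYPHENATED)
  p grok_like_match(WORKING, NO_LEADING_SPACE)
  p first_class_hit('stringToExtract')
  p first_class_hit('instance')
end
```

The working pattern depends on the leading space in the field value; a value without it does not match, so events tagged _grokparsefailure are worth checking when the input format varies.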