I'd like to make the simplest grok filter, just to extract domain from url For example, for the url
https://discuss.elastic.co/top/all
I'd like to get the result
discuss.elastic.co
I tried to do so with the filter
%{URIPROTO}://%{URIHOST:domain}
And it did extract me stackoverflow.com, but when I use a different url that has www at the start for example https://www.elastic.co/
the result is
www.elastic.co
is there a filter that could return me the domain alone, without www?
Thank you!
after your grok you could add a mutate like this :
mutate { gsub => [ "domain", "(www.)", "" ] }
if there is the pattern "www." then it should be replaced by "" and if there isn't the pattern then nothing is made
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.