I'd like to make the simplest grok filter, just to extract domain from url For example, for the url
https://discuss.elastic.co/top/all
I'd like to get the result
discuss.elastic.co
I tried to do so with the filter
%{URIPROTO}://%{URIHOST:domain}
And it did extract me stackoverflow.com, but when I use a different url that has www at the start for example https://www.elastic.co/
the result is
www.elastic.co
is there a filter that could return me the domain alone, without www?
Thank you!
after your grok you could add a mutate like this :
mutate { gsub => [ "domain", "(www.)", "" ] }
if there is the pattern "www." then it should be replaced by "" and if there isn't the pattern then nothing is made