Extract portion of string from log file

Trying to process the IIS logs. Need to extract the URL extensions to generate a dashboard. This is to perform aggregations on how many documents have a .png extension and how many come with a .jpeg extension.

URL: /image.png. The extension may be any of .jpeg etc.
Option 1:
Tried with a Painless script and added it to a Beats processor
"script":
{ "lang":"painless",
"source": "def m = /^.\.(.)$/.matcher(ctx._source.url.path); if (m.matches()) { ctx._source.url.extension = m.group(1) }",
"if": "ctx.url?.path != null""
}
But it throws the error Cannot invoke "Object.getClass()" because " callArgs[0]" is null".
Option 2:
Then tried enabling the scripted field in Kibana and gave the query as input. That too gives a no-match response.
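
An added example, not part of the original post: a request body for `POST _ingest/pipeline/_simulate`, assuming the script runs in an Elasticsearch ingest pipeline `script` processor, where document fields are read from `ctx` directly rather than from `ctx._source`. It takes the text after the last dot of the final path segment instead of using a regex; the description text and the three sample documents are constructed.

```json
{
  "pipeline": {
    "description": "Constructed example: derive url.extension from url.path (assumes an ingest pipeline context)",
    "processors": [
      {
        "script": {
          "lang": "painless",
          "if": "ctx.url?.path != null",
          "source": "String p = ctx.url.path; int dot = p.lastIndexOf('.'); int slash = p.lastIndexOf('/'); if (dot > slash + 1 && dot < p.length() - 1) { ctx.url.extension = p.substring(dot + 1).toLowerCase(); }"
        }
      }
    ]
  },
  "docs": [
    { "_source": { "url": { "path": "/image.png" } } },
    { "_source": { "url": { "path": "/photos/2024/Banner.JPEG" } } },
    { "_source": { "url": { "path": "/api/v1.2/status" } } }
  ]
}
```

The first two documents should come back with `url.extension` set to `png` and `jpeg`; the third has no dot in its last path segment and is left unchanged, so a terms aggregation on `url.extension` counts only real file extensions.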
