I have a field in my index as:
"url" : "http://myaddress:myport/mydoc-3.docx"
I would like to create a new field ("newid") and put the extracted value mydoc into it.
Basically I want to capture the document name with extension and without the number after "-".
I tried to split the "url" by "/" and capture mydoc-3.docx, then split mydoc-3.docx by "-" and capture mydoc, in two separate splits as below, but without much success.
Should it be under filter like below? I do need to keep my_id and I need to create a new field newid.
For some reason the below doesn't work. Most probably I didn't put grok in the right place.
Thanks. It worked!
Now I have to do a couple of cleanups as below:
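filter {
  mutate {
    # drop the original url field once newid has been extracted
    remove_field => [ "url" ]
    # store newid as an integer rather than a string
    convert => { "newid" => "integer" }
  }
}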
Can I do this in the same logstash and in the same filter and mutate?
For some reason I could not and I had to create a second logstash to remove the url field and convert newid to integer, because it is really an integer.
I was able to merge it all into one filter. It is working.
So I use index1 as input and make index2 as output.
So far so good.
The next step (hopefully the last step) is to use index2 and add index3 to it as input and make index4 as output.
Currently I made this as a separate logstash.
So I have one logstash to do:
index1 ----> user filter and some stuff ----> index2
And the other logstash to do:
index1,index2 ----> user filter and some stuff ----> index4
Can I merge both logstash to one?