After successfully parsing out this field from my log files, I want to extract information from this field and store it as a separate field, I looked through lots of the filters and didn't find one that serves this purpose, the field looks like this:
It should be like a path(text replaced by stars for company's sake), I want information between the bracket, or even better the two names(represented by stars). Any hints would be really appreciated <:
Use the grok filter. I'm not 100% sure what result you expect from the example input string, but if you want the text inside the two single-quoted strings the following should work:
grok {
match => [
"name-of-field",
"@name='(?<name1>[^']+)'.*@name='(?<name2>[^']+)'"
]
]
If the single-quoted strings themselves can contain single quotes that are escaped somehow it'll take some more care.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.