Hello,
I have typical scenatio. I have field that contains distinguished name. I need to extract common name and copy it to new field. I have working regex but i really dont know how to use it in match.
Existing field
event_data.MemberName : CN=Admin,OU=Admins,OU=GLOBAL,DC=TEST,DC=LOCAL
wanted field:
CommonName : Admin
I have regex tested on rubular.com
^CN=([^,]*).*
Thanks a lot.
Jan
Have you tried Oniguruma?
For regex based extraction, i'm using something like this:
grok {
match => {
"source_field" => "(?<destination_field>^CN=([^,]*).*)"
}
}
I'm not sure if that will work, but I'd start with that.
Hi Saif3r,
This is actualy what I tried. this will copy all DN to new field.
grok {
match => {
"[event_data][MemberName]" => "(?<MemberNameShort>^CN=([^,]*).*)"
}
}
result:
MemberNameShort : CN=Admin,OU=Global Admins,OU=GLOBAL,DC=TEST,DC=LOCAL
event_data.MemberName : CN=Admin,OU=Global Admins,OU=GLOBAL,DC=TEST,DC=LOCAL
regex match but not use match group.
Jan
So your issue is related to regex expression, not the config itself.
Try this instead:
(?<=CN=)\w*[^,]
Result:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
