Extract substring from the path

Xhar · November 9, 2023, 12:09pm

in this config

input {
  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/csv/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "csv"
  }

  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/cve_mitre/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "cve_mitre"
  }

  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/cwe_mitre/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "cwe_mitre"
  }

  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/ibm_x_force/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "ibm_x_force"
  }

and 10 more similar inputs.
How can i extract name of any, that located between parsed_data/changedRights/ and /*.json
I need it to make opensearch index based on subfolder name, but write only one input, smt like this:

input {
  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/*/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
  }
}

system · November 9, 2023, 12:09pm

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

leandrojmp · November 9, 2023, 12:43pm

Which Logstash version are you using?

You can get this information using a parsing filter like dissect on the field that has the path of the file.

Something like this:

filter {
    dissect {
        mapping => {
            "[log][file][path]" => "/opt/stromReciever/parsed_data/changedRights/%{index_name}/*.json"
        }
    }
}

system · December 7, 2023, 12:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to capture text from a path or s3 prefix Logstash	12	3351	September 21, 2017
Can we extract folder and file out of log.file.path field? Kibana	5	2795	March 3, 2020
Extract a string from logstash path Kibana	6	4735	January 18, 2018
File input plugin is treating the line as plain string eventhough the input is json Logstash	11	324	May 25, 2023
Extract substring from filename Logstash	1	239	May 27, 2020

Extract substring from the path

Related topics