Extract substring from the path

In this config:

input {
  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/csv/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "csv"
  }

  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/cve_mitre/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "cve_mitre"
  }

  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/cwe_mitre/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "cwe_mitre"
  }

  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/ibm_x_force/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
    type => "ibm_x_force"
  }

And 10 more similar inputs.
How can I extract the name of anything located between parsed_data/changedRights/ and /*.json?
I need it to make an OpenSearch index based on the subfolder name, but write only one input, something like this:

input {
  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/*/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
  }
}

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )

Which Logstash version are you using?

You can get this information using a parsing filter like dissect on the field that has the path of the file.

Something like this:

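filter {
    dissect {
        mapping => {
            # Literal text in a dissect mapping is matched as-is (no glob expansion),
            # so the file name is consumed by the %{} skip field instead of "*.json".
            # With ECS compatibility disabled, the file input stores the path in [path].
            "[log][file][path]" => "/opt/stromReciever/parsed_data/changedRights/%{index_name}/%{}"
        }
    }
}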
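
The single-input pipeline from the question combined with the dissect approach from the answer, as an added example that is not part of any post in this thread. The `opensearch` output endpoint, the `unrouted` fallback index name and the index-name pattern are assumptions; adjust them, and add the authentication settings your cluster requires.

```logstash
input {
  file {
    mode => "read"
    path => "/opt/stromReciever/parsed_data/changedRights/*/*.json"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => "json"
  }
}

filter {
  # [log][file][path] is populated when ECS compatibility is enabled;
  # with it disabled the file input writes the path to [path] instead.
  dissect {
    mapping => {
      "[log][file][path]" => "/opt/stromReciever/parsed_data/changedRights/%{index_name}/%{}"
    }
  }

  # The index name is derived from a directory name, so check it before use.
  # If dissect failed, or the value is not a plain lowercase name, send the
  # event to a fixed fallback index (assumed name) rather than to an index
  # literally called "%{index_name}" or one with an unexpected name.
  if "_dissectfailure" in [tags] or [index_name] !~ /^[a-z0-9_]+$/ {
    mutate {
      replace => { "index_name" => "unrouted" }
    }
  }
}

output {
  opensearch {
    hosts => ["https://localhost:9200"]   # assumed endpoint
    index => "%{index_name}"
  }
}
```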
