Untested:
filter {
  grok {
    match => ["URL", "\.(?<Domain>[^.]+\.[^.]+)$"]
  }
}
Splitting the string on each period, grabbing the two last elements, and joining them back together should be a lot more efficient though.
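
Added example, not part of the original post: the split-and-join approach described above, written as a plain Ruby function. It assumes the field holds a bare hostname rather than a full URL; the function name and the sample values are constructed for illustration. Inside a Logstash `ruby` filter the same logic would read the field with `event.get("URL")` and write the result with `event.set("Domain", ...)`.

```ruby
# Split-and-join extraction of the last two hostname labels.
# Assumption: the input is a bare hostname, not a URL with scheme or path.

# Returns the last two labels of +host+ joined by a dot, or nil when the
# value is not a multi-label hostname.
def last_two_labels(host)
  return nil unless host.is_a?(String)

  name = host.strip.downcase.chomp(".")      # accept "example.com." (FQDN form)
  return nil if name.empty?
  return nil if name.include?(":")           # IPv6 literal or host:port
  return nil if name.match?(/\A[\d.]+\z/)    # IPv4 literal, e.g. 192.168.10.5

  labels = name.split(".", -1)               # -1 keeps empty trailing labels
  return nil if labels.length < 2            # single label, e.g. "localhost"
  return nil if labels.any?(&:empty?)        # "a..com", ".com"

  labels.last(2).join(".")
end

# Constructed sample values, not taken from the thread.
SAMPLES = [
  "www.mail.example.com",
  "example.com",            # no leading dot, so the grok pattern above would not match it
  "WWW.Example.COM.",
  "192.168.10.5",
  "localhost",
  "a..com",
  "shop.example.co.uk"      # two-label suffix: the result is "co.uk"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |h|
    puts format("%-26s -> %s", h.inspect, last_two_labels(h).inspect)
  end
end
```

Names under two-label suffixes such as `co.uk` come back as the suffix itself, so grouping log events by this value needs a Public Suffix List lookup if those names matter.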