Hello, I'm new to logstash and I'm having trouble with this.
I configured filebeat to receive Nginx log:
This is sample input:
"log": {
"offset": 2234788,
"file": {
"path": "/nginxlogs/nginx.abc.1234.access.log"
}
},
the path could be *.error.log
I need to get the string "nginx.abc.1234" from the path. Can anyone help me with this?
Thank you very much
I hope that I got your request right?
grok {
match => { "[log][file][path]" => ".*\/(?<yourstring>.+)\.(error|access)\.log$"}
}You can use a ruby filter
ruby {
code => "
event.set('nginxname',event.get('[log][file][path]').split('/')[-1].split('.')[0..2])
"
}
It will be stored in ngnixname field
Thanks, this match is working with my string but how can I separate "nginx.abc.1234" into my field
This work first try. Thank you very much 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.