Get specific string from field in logstash

tungpzostar · July 15, 2020, 11:30am

Hello, I'm new to logstash and I'm having trouble with this.
I configured filebeat to receive Nginx log:
This is sample input:

  "log": {
    "offset": 2234788,
    "file": {
      "path": "/nginxlogs/nginx.abc.1234.access.log"
    }
  },

the path could be *.error.log
I need to get the string "nginx.abc.1234" from the path. Can anyone help me with this?
Thank you very much

Jenni · July 15, 2020, 11:40am

I hope that I got your request right?

grok {
  match => { "[log][file][path]" => ".*\/(?<yourstring>.+)\.(error|access)\.log$"}
}

A_Mightiev · July 15, 2020, 11:46am

You can use a ruby filter

ruby {
   code => " 
       event.set('nginxname',event.get('[log][file][path]').split('/')[-1].split('.')[0..2])
    "
}

It will be stored in ngnixname field

tungpzostar · July 15, 2020, 12:28pm

Thanks, this match is working with my string but how can I separate "nginx.abc.1234" into my field

tungpzostar · July 15, 2020, 12:29pm

This work first try. Thank you very much

system · August 12, 2020, 12:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Get filter value in add_field Logstash	5	565	June 27, 2019
Logstash grok nginx log Logstash	3	441	July 11, 2021
Extracting filename from log.file.path not working Logstash	9	11376	April 2, 2020
Extract folder name as field in logstash Beats filebeat	8	793	June 16, 2022
[Solved] How to get raw log in logstash Logstash	3	7646	July 3, 2017