Grok - extract file extension from file name

evild3ad · October 3, 2017, 8:38am

Hi,

I have problems with creating a grok filter to extract the file extension from the file name field.

Example data:
9151_to_9152.log
80bddb9998f9f66bc44b59d9899bbbb853b8958ecd9188e14fd0828e00246050.txt ($FILE_NAME)

I tried:
(.(?[^./]+))

But I don't want to have "($FILE_NAME)"...only the file extension.

Thanks!

evild3ad · October 3, 2017, 9:38am

(.(?[0-9A-Za-z]*))

evild3ad · October 3, 2017, 1:51pm

Hm...but here is it still not working:

Apps - Process All.pas.0001.bak

Any idea?

magnusbaeck · October 3, 2017, 2:15pm

Make sure you escape the period and add a $ anchor at the end so you only match alphanumerical sequences at the end of the string.

Topic		Replies	Views
Extract file name and add as a field Logstash	3	2751	September 18, 2021
Grok filter to retrieve simple words or character from text/string Logstash	8	4754	December 29, 2017
How can I make my Grok filter match a file extension or blank (if no extension)? Logstash	3	690	November 3, 2021
Create field form file name Logstash	3	408	April 7, 2021
Timeout executing grok 5.4.3 Logstash	3	1098	August 10, 2017