Grok - extract file extension from file name

evild3ad · October 3, 2017, 8:38am

Hi,

I have problems with creating a grok filter to extract the file extension from the file name field.

Example data:
9151_to_9152.log
80bddb9998f9f66bc44b59d9899bbbb853b8958ecd9188e14fd0828e00246050.txt ($FILE_NAME)

I tried:
(.(?[^./]+))

But I don't want to have "($FILE_NAME)"...only the file extension.

Thanks!

evild3ad · October 3, 2017, 9:38am

(.(?[0-9A-Za-z]*))

evild3ad · October 3, 2017, 1:51pm

Hm...but here is it still not working:

Apps - Process All.pas.0001.bak

Any idea?

magnusbaeck · October 3, 2017, 2:15pm

Make sure you escape the period and add a $ anchor at the end so you only match alphanumerical sequences at the end of the string.

system · October 31, 2017, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract file name and add as a field Logstash	3	2445	September 18, 2021
How can I make my Grok filter match a file extension or blank (if no extension)? Logstash	3	536	November 3, 2021
Grok filter to retrieve simple words or character from text/string Logstash	8	4533	December 29, 2017
Grok filter not working to capture filename Logstash	2	1796	July 27, 2017
Couldn't extract filename from "source" field Logstash	3	1443	July 6, 2017