Hi,
I'm using Elastic Stack V5.5 and using logstahs for parse log from DNS server log. Something like that
(6)mobile(4)pipe(4)aria(9)microsoft(3)com(0)
(7)outlook(6)office(3)com(0)
(5)nexus(10)officeapps(4)live(3)com(0)
Now i want parse query domain to friendly domain like
mobile.pipe.aria.microsoft.com
outlook.office.com
nexus.officeapps.live.com
How can do it?
Thanks so much!
How about using a mutate filter and its gsub option to replace \(\d+\) with a period?
Thank for your suggestion. It's worked, but i got string after used gsub
.mobile.pipe.aria.microsoft.com.
How to remove first and last dot (.) in string ?
How to remove first and last dot (.) in string ?
Use gsub to replace ^\. and \.$ with empty strings.
Thanks you so much!
My problem is solved!
Is config looklike that ?
filter {
mutate {
gsub => [
"domain", "\(\d+\)", ".",
"domain", "^\.", "",
"domain", "\.$", ""
]
}
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.