How can I drop the domain from host.name field in logstash?

Ishaan · March 12, 2021, 4:42am

I want to remove domain from host.name field coming from metricbeat.

For example:
host.name = abcd.xyz.com
host.name = abc@xyz.com

I want to remove everything after . or @ or any other delimiter to save the value of host.name field like:

host.name = abcd
host.name = abc

How can I do that in logstash?

Badger · March 12, 2021, 3:44pm

You could try it using a mutate filter

mutate { gsub => [ "[host][name]", "([A-Za-z0-9_]*)[\.@].*", "\1" ] }

Ishaan · March 12, 2021, 4:00pm

Is this expression storing the substring in [host][name] before . or @?

Badger · March 12, 2021, 4:03pm

It uses a capture group (the parentheses around [A-Za-z0-9_]*), and references the first capture group in the substitution using \1.

system · April 9, 2021, 4:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Solved: removing domain name from hostname (host.name) with Logstash mutate split and replace filter Logstash	1	1693	September 16, 2020
Remove field value in logstash Logstash	2	608	July 6, 2017
Configuration of Logstash to remove domain from URL Logstash	3	392	July 6, 2022
Grok filter add_field Logstash	6	2080	May 19, 2020
Simplify "host" field output from logstash Logstash	1	264	December 5, 2019