I want to remove domain from host.name field coming from metricbeat.
For example:
host.name = abcd.xyz.com
host.name = abc@xyz.com
I want to remove everything after . or @ or any other delimiter to save the value of host.name field like:
host.name = abcd
host.name = abc
How can I do that in logstash?
You could try it using a mutate filter
mutate { gsub => [ "[host][name]", "([A-Za-z0-9_]*)[\.@].*", "\1" ] }Is this expression storing the substring in [host][name] before . or @?
It uses a capture group (the parentheses around [A-Za-z0-9_]*), and references the first capture group in the substitution using \1.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.