How can ı split url using grok pattern?

I want to use grok pattern but ı cant't bellow mode . /xx.test.com/hls/media_600699.ts
I'd like result

{
  url:"xx.test.com",
  media:"hls",.......
}

How can ı do?

If that is your message you could use

grok { match => { "message" => "^/(?<url>[^/]+)/%{WORD:media}/" } }

Hi Badger,
Problem is solution your response. Thank you for response.

Hi Badger,
I have a question; I want to parse data
For exm; bc- hls-
Expected Result;
{
a=bc
b=-
c=hls
d=-
}

Actually, I need to as b and d, The grok model ı use as a follows

Other question
Exm data line as useragent
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15"

I use grok model

%{QS:csUseragent:string}

Result

{
"csUseragent": "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15\""
}

Expected Result

{
"csUseragent": Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15
}

Can ı help you?

See here.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.