How can ı split url using grok pattern?

khergner · April 2, 2019, 12:27pm

I want to use grok pattern but ı cant't bellow mode . /xx.test.com/hls/media_600699.ts
I'd like result

{
  url:"xx.test.com",
  media:"hls",.......
}

How can ı do?

Badger · April 2, 2019, 12:50pm

If that is your message you could use

grok { match => { "message" => "^/(?<url>[^/]+)/%{WORD:media}/" } }

khergner · April 2, 2019, 1:41pm

Hi Badger,
Problem is solution your response. Thank you for response.

khergner · April 3, 2019, 6:34am

Hi Badger,
I have a question; I want to parse data
For exm; bc- hls-
Expected Result;
{
a=bc
b=-
c=hls
d=-
}

Actually, I need to as b and d, The grok model ı use as a follows

khergner · April 3, 2019, 6:54am

Other question
Exm data line as useragent
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15"

I use grok model

%{QS:csUseragent:string}

Result

{
"csUseragent": "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15\""
}

Expected Result

{
"csUseragent": Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15
}

Can ı help you?

Badger · April 3, 2019, 1:11pm

See here.

system · May 1, 2019, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.