How to parse dynamic REST endpoint and create one constant endpoint for them

(Arjun Dandagi) #1

So, I am trying to parse the dynamically incoming rest API calls to make them look one constant to view them in kibana
so currently i am using GSUB to match the string and replace them using a constant value,
I mean for example if the dynamic endpoints are like
/v2/employees/45/salarymonth/1/something
here the numbers are dynamic
i am using gsub [ "raw_request" ,"/employees/\d+/","/employees/<employee_id>","raw_request" ,"/salarymonth/\d+/","/salarymonth/<month_id>"]

there are many such kind , and salarymonth endpoint may or may not be there

but I want to know if there is any way I can match this URL endpoint. we have almost 10 application with many endpoints, I can't do gsub itself for each application (that's a tedious task )
so what I want to do is, match and replace them to one value

#2

How about this?...

mutate { gsub => [ "message", "/([a-z]+)/\d+", "/\1/<\1_id>" ] }

That would give you

   "message" => "/v2/employees/<employees_id>/salarymonth/<salarymonth_id>/something",
(Arjun Dandagi) #3

thanks @badger , the solution i was looking for was to search for alternative to map endpoints and change those values , the TRANSLATE filter plugin was what i was looking for