How to parse the below scenario?

Elastic Stack Logstash
1

Hi All,

Please find the below mentioned inputs

  1. /abcd/efgh/yj/kl/mn/op
  2. abcd/efgh/yj/kl/mn/op
  3. abcd
  4. /abcd
  5. abcd/

Output Required: servicename = abcd

I have tried two grok parser

  1. (/)?%{DATA:servicename}/ ==> Making last / mandatory
  2. (/)?%{DATA:servicename}(/)? ==> Nothing is coming in servicename field

Can you please help me regarding the same?

Regards,
Debashis

2

That is very strange!

You can use

grok { match => { "message" => "^(/)?(?<servicename>[^/]+)(/)?" } }
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.