Hello,
i am currently building a new pipeline for filebeat where we ingest a lot of different logfiles, e.g.
now i want a field in every document that says:
So, is it possible to parse an existing field (log.file.path: /log/appname1.log) with an regex and use the result in a new field?
Hi,
You can use the grok processor for that: Grok processor | Elasticsearch Reference [7.11] | Elastic
You can use the Kibana grok debugger(available under Dev Tools) to test your pattern.
Best regards
Wolfram
great, it works quite well for me
Thanks!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.