Hello,
i am currently building a new pipeline for filebeat where we ingest a lot of different logfiles, e.g.
now i want a field in every document that says:
So, is it possible to parse an existing field (log.file.path: /log/appname1.log) with an regex and use the result in a new field?
Hi,
You can use the grok processor for that: Grok processor | Elasticsearch Reference [7.11] | Elastic
You can use the Kibana grok debugger(available under Dev Tools) to test your pattern.
Best regards
Wolfram
great, it works quite well for me
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.