Logstash grok filter with regex

srkrishna · November 17, 2018, 4:06am

Hello,

I was trying to create fields in logstash grok filter based on the source file name which contains a regex match for hostname.

I have the below log lines

########################################################
/var/log/iptrace/log/IP2_HOSTNAME1_HDDFTSC_00608300.C1001.log
/var/log/iptrace/log/IP2_HOSTNAME2_00603200.C2001.log
/var/log/iptrace/log/IP2_HOSTNAME3_HDDFTSC_00608112.C1001.log
/var/log/iptrace/log/IP2_HOSTNAME4_00603477.C5001.log
###########################################################

Grok match regex : .IP2_(?.).* or .*(?.)_.

I get the output as

/var/log/iptrace/log/IP2_HOSTNAME1_HDDFTSC_00608300.C1001.log
MATCHED
hostname HOSTNAME1_HDDFTSC
/var/log/iptrace/log/IP2_HOSTNAME2_00603200.C2001.log
MATCHED
hostname HOSTNAME2
/var/log/iptrace/log/IP2_HOSTNAME3_HDDFTSC_00608112.C1001.log
MATCHED
hostname HOSTNAME3_HDDFTSC
/var/log/iptrace/log/IP2_HOSTNAME4_00603477.C5001.log
MATCHED
hostname HOSTNAME4

I was trying to test all kinds of regex to strip/truncate the string after the"HOSTNAME*".
Can any one please help me fix this issue?

I need to apply this in logstash.

Appreciate your valuable response.

Regards,
Siva

system · December 15, 2018, 4:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok Pattern Logstash	5	695	September 16, 2021
GROK, regexp, string. Help! Logstash	6	413	December 20, 2019
Split grok pattern Logstash	3	2826	July 6, 2017
Can I use grok to match fields? Logstash	2	805	July 6, 2017
Writing grok filter for my usecase Logstash	5	494	September 6, 2017

Logstash grok filter with regex

Related topics