Hello,
I was trying to create fields in a Logstash grok filter based on the source file name, which contains a regex match for the hostname.
I have the below log lines
########################################################
/var/log/iptrace/log/IP2_HOSTNAME1_HDDFTSC_00608300.C1001.log
/var/log/iptrace/log/IP2_HOSTNAME2_00603200.C2001.log
/var/log/iptrace/log/IP2_HOSTNAME3_HDDFTSC_00608112.C1001.log
/var/log/iptrace/log/IP2_HOSTNAME4_00603477.C5001.log
###########################################################
Grok match regex : .IP2_(?.).* or .*(?.)_.
I get the output as
/var/log/iptrace/log/IP2_HOSTNAME1_HDDFTSC_00608300.C1001.log
MATCHED
hostname HOSTNAME1_HDDFTSC
/var/log/iptrace/log/IP2_HOSTNAME2_00603200.C2001.log
MATCHED
hostname HOSTNAME2
/var/log/iptrace/log/IP2_HOSTNAME3_HDDFTSC_00608112.C1001.log
MATCHED
hostname HOSTNAME3_HDDFTSC
/var/log/iptrace/log/IP2_HOSTNAME4_00603477.C5001.log
MATCHED
hostname HOSTNAME4
I was trying to test all kinds of regex to strip/truncate the string after the "HOSTNAME*".
Can anyone please help me fix this issue?
I need to apply this in logstash.
Appreciate your valuable response.
Regards,
Siva
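
The following is an added example, not part of the original post. It uses Ruby because Logstash grok patterns use the same Oniguruma named-group syntax. It compares a greedy capture (an assumed form that reproduces the output shown above) with a capture that stops at the first underscore. The names `GREEDY`, `STRICT`, `extract` and `compare` are hypothetical, and the example assumes hostnames never contain `_`.

```ruby
# Sample paths copied from the post above.
PATHS = %w[
  /var/log/iptrace/log/IP2_HOSTNAME1_HDDFTSC_00608300.C1001.log
  /var/log/iptrace/log/IP2_HOSTNAME2_00603200.C2001.log
  /var/log/iptrace/log/IP2_HOSTNAME3_HDDFTSC_00608112.C1001.log
  /var/log/iptrace/log/IP2_HOSTNAME4_00603477.C5001.log
].freeze

# Assumed greedy form: ".*" runs to the LAST underscore, so an optional
# middle segment such as "_HDDFTSC" ends up inside the capture.
GREEDY = %r{IP2_(?<hostname>.*)_}

# Stops at the FIRST underscore after "IP2_" and is anchored to the file
# name, so a directory component can never leak into the field.
# Assumption: hostnames never contain "_".
STRICT = %r{/IP2_(?<hostname>[^_/]+)_[^/]*\.log\z}

# Returns the captured hostname, or nil when the path does not match
# (grok would tag such an event with _grokparsefailure).
def extract(pattern, path)
  m = pattern.match(path)
  m && m[:hostname]
end

# Returns [file name, greedy result, strict result] for each path.
def compare(paths)
  paths.map { |p| [File.basename(p), extract(GREEDY, p), extract(STRICT, p)] }
end

compare(PATHS).each do |name, greedy, strict|
  puts format('%-45s greedy=%-18s strict=%s', name, greedy, strict)
end
```

The `STRICT` expression can be used as the pattern in a grok `match` on whichever field holds the file path in your pipeline.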