Logstash grok parse doesn't parse error code

EZprogramming · August 29, 2019, 11:26pm

Logstash version: 7.0.1

Given filename => "EUI106_occurances", I want to have code => "EUI106".

The following grok parse filter doesn't work:

filter{
   grok {
      match => { "filename", "%{POSTFIX_QUEUEID:code}" }
   }
}

EZprogramming · August 29, 2019, 11:36pm

grok {
    match => ["filename","%{GREEDYDATA}/%{GREEDYDATA:code}\_occurances"]
}

or

grok {
    match => ["filename","%{GREEDYDATA}/%{GREEDYDATA:code}"]
}
mutate {
    gsub => ["code", "_occurances", ""]
}

system · September 26, 2019, 11:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.