I want to write an if condition which takes regex for file path of window directory in logstash. Please help me with the regex pattern of C:\Windows\System32\logs\*.log .
e.g.
output{
if [log][file][path] =~ /C:\Windows\System32\logs\*.log/ {
pipeline {send_to => somepipeline }
}
}
You really need to use </> blockquote markup around configurations, because otherwise some characters from the regexp will get consumed as markup. Edit your post, select the configuration, then click on </> in the toolbar above the edit pane. You will see the appearance change in the preview pane on the right from
if [log][file][path] =~ /C:\Windows\System32\logs. .log/ {
to
if [log][file][path] =~ /C:\Windows\System32\logs..log/ {
You will need to escape those backslashes...
if [log][file][path] =~ /C:\\Windows\\System32\\logs\\*.log/ {
. means any character in regex, so you will need to escape that as well.
if [log][file][path] =~ /C:\\Windows\\System32\\logs\\*\.log/ {
* means none or more of the previous character (it is not a simple greedy wildcard). + means one or more of the following character. Combined with . these mean:
.* - none or more of any character
.+ - one or more of any character
You probably want the latter, which will give you...
if [log][file][path] =~ /C:\\Windows\\System32\\logs\\.+\.log/ {
You can test this at https://regex101.com/
Will this regex work in logstash configuration file?
Yes... as I corrected your line in my reply.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.