Hi, I have a question regarding Logstash. Right now, I have a few different CSV files that are being shipped into Logstash. The CSV file example is below.
THE example
File 1
url.com ,192.xxx.xxx.xxx,product-A
urlA.com ,192.xxx.xxx.xxx,product-B
urlB.com ,192.xxx.xxx.xxx,product-C
urlC.com ,192.xxx.xxx.xxx,product-D
File 2
mix.com ,192.xxx.xxx.xxx,mix-A
mixA.com ,192.xxx.xxx.xxx,mix-B
mixB.com ,192.xxx.xxx.xxx,mix-C
mixC.com ,192.xxx.xxx.xxx,mix-D
File 3
post.com ,192.xxx.xxx.xxx,post-A
postA.com ,192.xxx.xxx.xxx,post-B
postB.com ,192.xxx.xxx.xxx,post-C
postC.com ,192.xxx.xxx.xxx,post-D
The question is, how can I add a new_field for all data with the same text? Is this mutate correct?
if "url.com" in [domain] {
  mutate {
    add_field => { "original" => "url.com" }
  }
}
THE result
File 1
url.com ,192.xxx.xxx.xxx,product-A, url.com
urlA.com ,192.xxx.xxx.xxx,product-B, url.com
urlB.com ,192.xxx.xxx.xxx,product-C, url.com
urlC.com ,192.xxx.xxx.xxx,product-D, url.com
File 2
mix.com ,192.xxx.xxx.xxx,mix-A, mix.com
mixA.com ,192.xxx.xxx.xxx,mix-B, mix.com
mixB.com ,192.xxx.xxx.xxx,mix-C, mix.com
mixC.com ,192.xxx.xxx.xxx,mix-D, mix.com
File 3
post.com ,192.xxx.xxx.xxx,post-A, post.com
postA.com ,192.xxx.xxx.xxx,post-B, post.com
postB.com ,192.xxx.xxx.xxx,post-C, post.com
postC.com ,192.xxx.xxx.xxx,post-D, post.com
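
An added example, not part of the original post: a filter block that produces the result shown above by branching on the prefix of the third column, which every row of a file shares, instead of on the domain. The column names `ip` and `product` and the tag `original_unmapped` are assumptions; `domain` and `original` are the names used in the post.

```logstash
filter {
  # Column names "ip" and "product" are assumed; "domain" is the field the post tests.
  csv {
    separator => ","
    columns => ["domain", "ip", "product"]
  }

  # The sample rows have a space before the first comma ("url.com ,..."); trim it.
  mutate { strip => ["domain"] }

  # `"url.com" in [domain]` is a substring test on a string field: it is true for
  # "url.com" but false for "urlA.com", "urlB.com" and "urlC.com", so a conditional
  # on the domain alone would tag only the first row of File 1.
  if [product] =~ /^product-/ {
    mutate { add_field => { "original" => "url.com" } }
  } else if [product] =~ /^mix-/ {
    mutate { add_field => { "original" => "mix.com" } }
  } else if [product] =~ /^post-/ {
    mutate { add_field => { "original" => "post.com" } }
  } else {
    # Rows that match no known group are tagged so they can be found and reviewed.
    mutate { add_tag => ["original_unmapped"] }
  }
}
```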