hi I meet a weird problem, I want to parse my hostname is "alexworkstation-alex", I wanna get the string "alexworkstation" , so I split the hostname by "-" . but I can't add_field .
this is follow with official doc: https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html
my logstash.yml is :
input {
beats {
port => 5044
}
}
filter {
mutate {
split => { "hlexname" => "-" }
add_field => { "shortHostname" => "%{hlexname[0]}" }
}
}
output {
stdout { }
}
This is the output:
{
"@version" => "1",
"log" => {
"file" => {
"path" => "/workspace/log/alex.log"
},
"offset" => 261
},
"ecs" => {
"version" => "1.5.0"
},
"hlexname" => [
[0] "alexworkstation",
[1] "alex"
],
"tags" => [
[0] "beats_input_codec_plain_applied",
[1] "_mutate_error"
],
"@timestamp" => 2020-12-03T08:47:31.030Z,
"agent" => {
"type" => "filebeat",
"id" => "ba946663-8b33-4cdc-9b16-ac1384ebcaee",
"ephemeral_id" => "50cbd2de-89f2-4b57-bfa9-8b56d154c818",
"version" => "7.7.1",
"hostname" => "alexworkstation-alex"
},
"input" => {
"type" => "log"
},
"message" => "Thu Dec 3 08:47:24 UTC 2020",
"host" => {
"name" => "alexworkstation-alex"
}
}