Logstash translate filter

Harsh_Jain · February 15, 2018, 6:51am

I'm new to the Elastic stack and Logstash. I have a new Logstash instance that is accepting logs from beats sending to Elasticsearch. I am trying to apply translate filter based on regex keys. Here the key point to note is that I want replacement based on backreferences, i.e., replacement string must contain substring of searched string.

For e.g.
/abc/xyz/3rfd3ed32dedece has to be translated into /abc/xyz/. Here “/abc/xyz” may vary.

I have used dictonary (json) for applying translation.

Dictionary contains:
{
“^(\/[\w]*\/[\w]*\/).*$”: “$1”
}

I am not able to use backreferences in translate filter. Is it possible to use them. If yes, then how we can use it.

paz · February 15, 2018, 1:56pm

Sounds like you just want to grab a specific part of the value and skip the rest. Is that correct?
If so, I don't think the translate filter is the most suitable for that kind of operation. Some custom Ruby code would be far easier.

system · March 15, 2018, 1:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Translate filter to match the custom values Logstash	2	982	September 18, 2017
Logstash translate doesn't work Logstash	4	340	January 14, 2021
Using Regex in Yaml for Logstash Translate Filter Logstash	3	4401	February 5, 2017
Facing issues on translate filter Logstash	14	614	June 11, 2019
Translate filter not working properly Logstash	3	1154	February 19, 2018

Logstash translate filter

Related topics