I'm new to the Elastic stack and Logstash. I have a new Logstash instance that is accepting logs from beats sending to Elasticsearch. I am trying to apply translate filter based on regex keys. Here the key point to note is that I want replacement based on backreferences, i.e., replacement string must contain substring of searched string.
For e.g.
/abc/xyz/3rfd3ed32dedece has to be translated into /abc/xyz/. Here “/abc/xyz” may vary.
I have used dictonary (json) for applying translation.
Dictionary contains:
{
“^(\/[\w]*\/[\w]*\/).*$”: “$1”
}
I am not able to use backreferences in translate filter. Is it possible to use them. If yes, then how we can use it.