input {
generator { "message" => 'C:\Users\takuya\Desktop\_Summary presentation\references'
count => 1 }
}
filter {
#dissect { mapping => { "message" => "%{disk}\%{dir1}\%{dir2}\%{_dir3}\%{dir4}\%{dir5}" } }
dissect { mapping => { "message" => "%{}\%{}\%{}\%{dir3}\%{}\%{}" } }
grok {
#match => { "message" => "%{WORD:gdisk}\:\\%{DATA:gdir1}\\%{DATA:gdir2}\\%{DATA:gdir3}\\%{DATA:_gdir4}\\%{GREEDYDATA:gdir5}" }
match => { "message" => "%{WORD}\:\\%{DATA}\\%{DATA}\\%{DATA:gdir3}\\%{DATA}\\%{GREEDYDATA}" }
}
mutate { copy => { "message" => "[@metadata][path]"} }
mutate { gsub => [ "[@metadata][path]", "[\\]", '/' ] }
mutate { split => { "[@metadata][path]" => "/" }
add_field => { "dirname" => "%{[@metadata][path][3]}"}
}
}
output {
stdout {codec => rubydebug }
}
Result:
{
"message" => "C:\\Users\\takuya\\Desktop\\_Summary presentation\\references",
"gdir3" => "Desktop",
"dir3" => "Desktop",
"dirname" => "Desktop"
}