Hi!
I parse IIS logs with Filebeat. Field " iis.access.referrer" has values with GET-method parametes. Example: "https://www.google.com/search?q=elasticsearch"
I want to see only host name ("www.google.com") in Kibana (term aggregation). In nornalizer I can not set custom regex pattern.
How I can do it?
Elasticsearch 6.3.0
Filebeat 6.4.1
Thanks!
Hello, I think modifying the IIS module ingest pipeline and the gsub processor to create a new normalized field with only the host would be the way to do it.
I think you want to sum the request from a specific host?
Thank you very much! I will try it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.