Output Wildcard for Hostname

teamg · March 20, 2019, 8:40pm

This code works:

output {
if [host][name] in ["lab4a.local.com", "lab4b.local.com"] {
elasticsearch {
index => "lab4-%{+YYYY.MM.dd}"
}
}
}

Because I have multiple hosts with the hostname lab4{a,b,c,d,e...z} it'd be simpler if I could use a wildcard in the hostname, for example
output {

if [host][name] in ["lab4*"] {
elasticsearch {
index => "lab4-%{+YYYY.MM.dd}"
}
}
}

The asterisk does work so I tried regex:

if [host][name] in ["lab4\w.*"]

but no luck either. What is the best way to use wildcards in this situation?

Badger · March 20, 2019, 9:49pm

if [host][name] =~ /^lab4*/

teamg · March 22, 2019, 2:26pm

This worked for me. Thank you once again @Badger.

system · April 19, 2019, 2:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch output plugin Logstash	3	512	July 6, 2017
How many hosts I can list in logstash output Logstash	7	389	October 25, 2021
An index per host Logstash	3	763	December 8, 2018
Index by hostname? Logstash	3	911	November 19, 2022
Wildcard search in field doesn't work as expected Kibana	3	1176	December 21, 2021