Parse directory name regex

Sonne · December 9, 2015, 5:48pm

Hello. I have the logline
2015.10.05 18:32:25.913:Process cannot access the file 'file.txt' because it is being used by another process

I have written the grok:

(?m)%{YEAR:year}.%{MONTHNUM:month}.%{MONTHDAY:day}%{SPACE}%{TIME:time}:%{GREEDYDATA:text}

I need to parse name of directory in the brackets : . I need only parse a directory name after "Log" folder. Directory name could be named as 3-digit name. Folder's name should be written to "fldrname" field. After parsing

need to be deleted from @message. I will be appreciate for any help.

magnusbaeck · December 9, 2015, 6:05pm

So you want C:\AR\Log\178 in the fldrname field? Match everything in the string up until the last backslash. The last backslash is the backslash that isn't followed by another backslash. Untested suggestion:

%{GREEDYDATA:fldrname}\\[^\\]+$

Sonne · December 10, 2015, 1:13am

I want only 178 in fldrname

magnusbaeck · December 10, 2015, 6:42am

Slight variation then:

%{GREEDYDATA}\\(?<fldrname>[^\\]+)\\[^\\]+$

Sonne · December 10, 2015, 8:39am

Thank you. It's working.

Topic		Replies	Views
Logstash: regex to get part of file name Logstash	3	615	January 13, 2021
Extracting particular folder from the path and adding that to a field Logstash	7	1150	August 31, 2018
File Path Directory name extract Regex Logstash	4	2641	April 30, 2018
Grok crash if line ending by backslash Logstash	2	308	February 21, 2020
Error parsing simple log Logstash	2	265	October 18, 2019

Parse directory name regex

Related topics