New to logstash -
I'm trying to add a field that contains the http host value (http://host.domin.com/).
I have the combinedlog pattern to match the "message" field and now I'm trying to use the addfield but i don't know how to reference the pattern field referrer within the addfield command.
addfield => [ "httphost" => pattern field %{referrer} regex: ^http://./.?$ ]
I don't know the correct syntax for applying a regex to a field derived from the match pattern.
thanks
Hi cisaksen,
grok {
match => [ "message", "(?<httphost>^http://./.?$) "]
}
? will add the new field with the regex you define behind it, like shown above
Not sure I'm getting this right.
Can I have 2 match commands on the message
grok {
match => { "message" => "%{SED_NGINX_COMBINE}" }
match => [ "message", "(?<httphost>^http://./.?$) " ]
}I'm trying to use the pattern file method. Can I have multiple pattern definitions in a single file or is it 1 pattern definition per file ?
in side the pattern file
SED_HTTPHOST ^http://./.?$
then in the grok statement
match => { "message" => "%{SED_NGINX_COMBINE} %{SED_HTTPHOST:httphost}" }
SED_NGINX_COMBINED is also defined in the pattern file.
should this work ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.