Discuss the Elastic Stack

Replace substring and concat rest

Elastic Stack Logstash

ksremo June 18, 2020, 11:25am 1

I have DNS Logs looks like

(14)xxxxxxxxxxxx(11)keydelivery(13)mediaservices(7)windows(3)net(0)
(4)mediaservices(7)windows(3)net(0)
(3)windows.com(0)

I want to remove all (...) and replace this with a dot "."
if (..) is in front or end of the string i want to remove it.

Any clever approach without doing that in more steps like first cut the values and then build a new field out of the substrings?

Jenni June 18, 2020, 12:32pm 2

Something like this might work:

mutate {
  gsub => [
    "message", "(^\(\d*\))|(\(\d*\)$)", "",
    "message", "\(\d*\)", "."
  ]
}

1 Like

ksremo June 18, 2020, 12:52pm 3

Great help, thanks Jenni .... again

system (system) Closed July 16, 2020, 12:52pm 4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.