Update/rewrite the value in a field?

Josh_Reichardt · April 5, 2017, 5:06am

I have a log that has the pattern similar to the following in a field called host:

ip-x-x-x-x.us-west-2.compute.internal

I'm wondering if there is a good way to apply a regex to the value in the field so I obtain just the IP address, like x.x.x.x. Is this supported?

I was looking at mutate but I'm not seeing a way to apply a regex to the value of a field to update it. Is this possible or is there another good way to accomplish this that I'm not seeing?

EDIT: I think I have the regex I need, just trying to figure out how to apply it to a field.

Christian_Dahlqvist · April 5, 2017, 6:00am

You can use the grok filter to do regex processing on fields.

Josh_Reichardt · April 5, 2017, 5:29pm

Derp. That was it, thanks @Christian_Dahlqvist.

system · May 3, 2017, 5:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.