Update/rewrite the value in a field?

Josh_Reichardt · April 5, 2017, 5:06am

I have a log that has the pattern similar to the following in a field called host:

ip-x-x-x-x.us-west-2.compute.internal

I'm wondering if there is a good way to apply a regex to the value in the field so I obtain just the IP address, like x.x.x.x. Is this supported?

I was looking at mutate but I'm not seeing a way to apply a regex to the value of a field to update it. Is this possible or is there another good way to accomplish this that I'm not seeing?

EDIT: I think I have the regex I need, just trying to figure out how to apply it to a field.

Christian_Dahlqvist · April 5, 2017, 6:00am

You can use the grok filter to do regex processing on fields.

Josh_Reichardt · April 5, 2017, 5:29pm

Derp. That was it, thanks @Christian_Dahlqvist.

system · May 3, 2017, 5:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Update field value if it matches a certain word Logstash	4	3580	October 25, 2019
Grok rewrite field value if matches string Logstash	2	943	December 21, 2016
Updating an existing field using path data Logstash	6	190	April 18, 2023
Logstash grok for change field value Logstash	7	833	March 5, 2019
Mutate - replace field string using another pattern Logstash	3	4287	December 26, 2016

Update/rewrite the value in a field?

Related topics