Sushil
Reputation: 390
grok pattern for extracting info in logstash
I am using the grok pattern to extract some data from file path, but it does not seem to work right
path: /home/shard/logstash/test/12/23/abc_132.log
pattern: %{GREEDYDATA}/%{INT:group}/%{INT:id}/%{DATA:job_type}(_%{UUID:uuid})*\.log
I want to extract 132 as the uuid field and it works ok when tested in grok debugger [http://grokdebug.herokuapp.com/] but when applied in logstash indexer, it fetches all of abc_132 under job_type field.
What may be the issue here and how can I extract uuid (perhaps a different regex?).
Upvotes: 1
Views: 1766
Answers (1)
Ban-Chuan Lim
Reputation: 7890
You can try to get the uuid from the job_type by using the ruby filter
ruby {
code => "event['uuid'] = event['job_type'].split('_')[1]"
}
Hope this can help you.
Upvotes: 1
Related Questions
- Grok pattern for matching content in already parsed log line
- Grok pattern for data separated by pipe
- grok pattern to extract data from log message
- grok pattern for log event
- How to extract value from log with grok and logstash
- using grok to extract log data
- Parsing data with grok filter on logstash
- GROK Pattern filtering
- DATA pattern in logstash - grok
- Logstash Grok Pattern