Regular Expressions 101


GROK to split log file name by dots


Regular Expression
PCRE2 (PHP >=7.3)

/(?<environment>\w+)\.(?<company>[a-zA-Z-_]+)\.(?<logtype>[a-zA-Z-_]+)/gm

Description

Use Filebeat and split log filenames in Logstash into separate fields:

    grok {
      match => [ "[log][file][path]", "(?<environment>\w+)\.(?<company>[a-zA-Z-_]+)\.(?<logtype>[a-zA-Z-_]+)" ]
    }

Use filenames like:

    /var/log/nginx/live.cnt-evac.access.log
    /var/log/nginx/live.cnt-envac.error.log
    /var/log/nginx/staging.mastodon.error.log
    /var/log/nginx/staging.rundll.error.log

Submitted by SeparateReality - 3 years ago
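Added example (not part of the submitted pattern): a Ruby check, using the Onigmo engine that is closely related to grok's Oniguruma, of how the unanchored pattern behaves on the sample paths and on two constructed paths where it silently assigns the wrong fields, which matters when pipelines route or alert on `logtype` and `company`. `ANCHORED_PATTERN` and `split_fields` are hypothetical names, and the anchored variant assumes every filename ends in `.log`.

```ruby
# The pattern exactly as submitted on the page (unanchored).
# Ruby may print a "'-' without escape" warning for [a-zA-Z-_]; it still compiles.
PAGE_PATTERN = /(?<environment>\w+)\.(?<company>[a-zA-Z-_]+)\.(?<logtype>[a-zA-Z-_]+)/

# Hypothetical stricter variant: the three fields must form the whole basename
# and be followed by ".log" (assumption about the naming scheme).
ANCHORED_PATTERN =
  %r{(?:\A|/)(?<environment>\w+)\.(?<company>[a-zA-Z_-]+)\.(?<logtype>[a-zA-Z_-]+)\.log\z}

# Returns a hash of named captures, or nil when nothing matches
# (the case where grok would tag the event with _grokparsefailure).
def split_fields(pattern, path)
  m = pattern.match(path)
  m && m.named_captures
end

SAMPLES = [
  "/var/log/nginx/live.cnt-evac.access.log",    # from the page
  "/var/log/nginx/staging.mastodon.error.log",  # from the page
  "/var/log/nginx/staging.web01.error.log",     # constructed: digit in company name
  "/srv/app.v.two/live.cnt-evac.access.log"     # constructed: dots in a directory name
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |path|
    puts path
    puts "  page pattern: #{split_fields(PAGE_PATTERN, path).inspect}"
    puts "  anchored:     #{split_fields(ANCHORED_PATTERN, path).inspect}"
  end
end
```

For the two constructed paths the page pattern still matches, but on the wrong substring, so no parse failure is raised; the anchored variant either fails visibly or extracts the basename fields.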