logstash-plugins / logstash-filter-dissect

Extract structured fields from an unstructured line
Apache License 2.0

A way to handle repeating (1-n) delimiters #60

Open ppf2 opened 6 years ago

ppf2 commented 6 years ago

Consider the following use case where a conditional statement in Logstash is attempting to check a file name match.

if [source] =~ /\/(something)\.log$/

Given that source is a file path coming from beats (with / as a delimiter), source can have any number (1-n) of / delimiters in the file path until it gets to the file name. If there is a way to define a repeating delimiter, then it will be cool to be able to use dissect to just extract out the file name piece and change the if statement to a direct match instead of using regex.

amitavmohanty01 commented 5 years ago

I had a similar case https://discuss.elastic.co/t/matching-direction-in-dissect/195995

My approach was to use directional matching rather than repeating delimiters.

+1 for the feature, whatever be the choice of approach.