I am reading data from files by defining path as *.log etc,
Files names are like app1a_test2_heep.log , cdc2a_test3_heep.log etc
How to configure logstash so that the part of string that is string before underscore (app1a, cdc2a..) should be grepped and added to host field and removing the default host.
Eg:
fileName: app1a_test2_heep.log
host => app1a
Here my path field is like,
path => /data/app1a_test2_heep.log
I want to extract the string before that first underscore and add to host field by removing the default host. What could be the filter for this.
I am unable to decipher what you are trying to do.
Are you trying to get a list of files to read?
Are you trying to extract a list of hosts from a list of files?
Are you trying to create a list of pathnames to process from a list of files?
Is the list of files in a file, or the current directory, or some other directory?
Please clearly explain what you are trying to do, show us what you have done (using CODE tags), show us the output you're getting from what you have done (using CODE tags), and show us the output you're trying to get (using CODE tags).
What operating system are you using?
What shell are you using?
What tools are you trying to use?
You refused to answer my questions about where your filenames are located and what you're really trying to do. Maybe this will help a little bit:
#!/bin/ksh
for path in /data/*.log *.log
do host=${path##*/}
host=${host%%[_.]*}
printf 'pathname: %s\nhost: %s\n\n' "$path" "$host"
done
This was written and tested using the Korn shell, but will work with any shell that performs basic parameter substitutions as required by the POSIX standards. Depending on what files are present in /data and in the current directory, it produces output similar to the following:
Thanks Akshay for pointing it out, I was trying first someting else with match before and later used gsub while posting I forgot to remove match from it. It can be as follows too.