Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Wildcard in logstash mutate filter

https://support.nagios.com/forum/viewtopic.php?t=49018

Page 1 of 1

Wildcard in logstash mutate filter

Posted: Sun Jun 17, 2018 5:53 pm
by HASupport
Hi Support,

We have more than 500 hundred network switches and we want to change the filed "type" to network.
I used following configuration but its not working.

if [host] == "10.100.250.*" { mutate { replace => { "type" => "Network" } } }
if [host] == "10.100.251.*" { mutate { replace => { "type" => "Network" } } }

Thanks,

Re: Wildcard in logstash mutate filter

Posted: Mon Jun 18, 2018 8:09 am
by mcapra
Logstash uses the =~ operator to match regular expressions. See this page for more info:
https://www.elastic.co/guide/en/logstas ... ation.html

Try this:

Code: Select all

if [host] =~ /10\.100\.250\..*/ { mutate { replace => { "type" => "Network" } } }
if [host] =~ /10\.100\.251\..*/ { mutate { replace => { "type" => "Network" } } }
Note that I have escaped the octet separators.

Re: Wildcard in logstash mutate filter

Posted: Mon Jun 18, 2018 9:49 am
by cdienger
Thanks for the assist, @mcapra!

Re: Wildcard in logstash mutate filter

Posted: Mon Jun 18, 2018 11:53 pm
by HASupport
Thanks @mcapra, I applied and it worked
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited