I am wanting to group logs by their corresponding HTTP request method, but sometimes these paths contain ids as you might expect, currently I have a field httpPath which has a value of something like: resources/12321-2132-asdf3223, but also could be like : resources/12321-2132-asdf3223/someaction. And I want to be able to achieve the following:
resources/12321-2132-asdf3223 => resources/{id}
And
resources/12321-2132-asdf3223/someaction => resources/{id}/someaction
Creating a new field: controllerPath. So I want to find and replace UUIDs with {id}, and store the result in a new field if possible.
Figured it out myself ( ;
if [httpPath] {
mutate {
add_field => { "controllerPath" => "%{httpPath}" }
}
mutate {
gsub => [
"controllerPath", "(?<GrokParse>/[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12})", "/{id}"
]
}
}