I am having logs in txt file contains fields below. I want to extract country code from mobile number and create (translate) into new field called country.
I checked with translate filter but not getting how to extract country code digits from mobile number field to use it on translate filter.
20 is the country code for Egypt,971 is the country code for bahrain.I want to do it for all country code.
Pls, suggest to me if it's doable for at least one country code so that it can translate for others and as all country codes are unique.
log-
Mobile_Number: 201123123123User_id<....>
Mobile_Number: 971123123123User_id<....>
logstash filter-
filter{
grok {
break_on_match => false
match => {
"message" => [
"Mobile_Number: (?<Mobile_Number>[0-9]+)",
"User_id(?<User_id>[0-9]+)"
]
}}}
I found this topic on discuss elastic using ruby code in google phone lib,if any workaround is possible except this will be highly appreciable.
Discuss Elastic-logstash-link-fileds-in-aggregate-filter
Thank you in Advance.
Creating new fields such as "Country_Code" and "Country_Name" using logstash and enriching it based on "Mobile_Number" field is can be done using Ruby using phonelib library as stated earlier reply's link.
But the simple way was to use python script and parse the "Mobile_Number" field and create new fields using it by phone number library.
It has 98% accuracy and enrichment speed can be improved by using bulk update API using Elasticsearch helpers
Ref link- es bulk helper examples