From a884fd5752337b4751002df58b014e025f539922 Mon Sep 17 00:00:00 2001
From: ycz008 <yangchengzi@seethingx.com>
Date: Wed, 27 Sep 2023 15:28:22 +0800
Subject: [PATCH] update logstash

---
 dev-upgrade/elastic/logstash.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dev-upgrade/elastic/logstash.yml b/dev-upgrade/elastic/logstash.yml
index 0d95239..7b8dca3 100644
--- a/dev-upgrade/elastic/logstash.yml
+++ b/dev-upgrade/elastic/logstash.yml
@@ -16,8 +16,9 @@ data:
           source => "message"
         }   
       }   
-      grok {
-        match => { "log.file.path" => "(?:/[^/]+){2}/(?<env>[^/]+)" }
+      mutate {
+        split => { "[log][file][path]" => "/" }
+        add_field => { "env" => "%{[log][file][path][2]}" }
       }
     }