In Logstash how to extract substring in a bigger string?

Question

Feeling difficulty in writing grok patterns.Please help

I have GetIndicatorsByAnalysisProcessIDServlet service method is called and in this how to extract only GetIndicatorsByAnalysisProcess and text GetIndicatorsByAnalysisProcess will not be same

Here challenging i felt is truncating string from backward direction

i followed up

grok {
  match => ["destinationid", "(?<fieldname>discard.{7})"]
}  

it high-lets considering number of characters from start

Answer 1

If I understand you correctly, you need to have the first word in a variable. This is achievable via

(?<fieldname>[^\s]*)\s*

with sample output from it

{
  "fieldname": [
    [
      "GetIndicatorsByAnalysisProcessIDServlet"
    ]
  ]
}

In case you have various beginnings with optional spaces but an exactly same ending of the sentence, the effective regexp will be different.