Tags: wso2, logstash, logstash-grok, elk

Removing numerical character in Grok filter


I am trying to write a Grok filter to parse WSO2 logs in Logstash. I am able to map all required attributes, but in one attribute we need to remove 10 numerical characters.

Can someone please give me some idea of how to do it in a Grok pattern?

Example - what I currently get:

"context": [
    [
      "/app/custManagement/v2/customer/lookup/9999999999"
    ]

Expected:

"context": [
    [
      "/app/custManagement/v2/customer/lookup/"
    ]

WSO2 Logs:

TID: [-1234] [] [2020-05-11 15:20:16,803]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  WSO2Status = SUCCESS, APIE2ETime = /app/custManagement/v2/customer/lookup/9999999999, X-External-CorrelationId = 7613691301, IN = 2020-05-11T15:20:15.656+05:30, OUT = 2020-05-11T15:20:16.803+05:30, HTTP_SC = 200, Channel = WEB, Http_Method = GET, RemoteAddress = 17.98.27.231 {org.apache.synapse.mediators.builtin.LogMediator}

Grok Pattern:

TID:%{SPACE}\[%{INT:tenant_id}\]%{SPACE}\[]%{SPACE}\[%{TIMESTAMP_ISO8601:hit_timestamp}\]%{SPACE}%{LOGLEVEL:level}%{SPACE}{%{JAVACLASS:java_class}}%{SPACE}-%{SPACE}WSO2Status%{SPACE}=%{SPACE}%{WORD:Status},%{SPACE}APIE2ETime%{SPACE}=%{SPACE}%{GREEDYDATA:context},%{SPACE}X-External-CorrelationId%{SPACE}=%{SPACE}%{WORD:CorrelationId},%{SPACE}IN%{SPACE}=%{SPACE}%{TIMESTAMP_ISO8601:in_timestamp},%{SPACE}OUT%{SPACE}=%{SPACE}%{TIMESTAMP_ISO8601:out_timestamp},%{SPACE}HTTP_SC%{SPACE}=%{SPACE}%{INT:http_sc},%{SPACE}Channel%{SPACE}=%{SPACE}%{WORD:channel},%{SPACE}Http_Method%{SPACE}=%{SPACE}%{WORD:http_method},%{SPACE}RemoteAddress%{SPACE}=%{SPACE}%{IP:remoteaddress}%{SPACE}{%{JAVACLASS:java_class2}}

Solution

  • Replace this:

    =%{SPACE}%{GREEDYDATA:context},%{SPACE}


    with this:

    =%{SPACE}%{GREEDYDATA:context}/%{NUMBER},%{SPACE}
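Added worked example (mine, not code from the question, the answer above, or Logstash itself): a small Ruby script that expands Grok syntax into the Oniguruma-style regex Logstash compiles it to, then runs the page's pattern against the page's log line so you can see exactly what lands in `context` before and after the change. Logstash's grok runs on Oniguruma via JRuby and Ruby's own regex engine (Onigmo) handles the same constructs, so the results carry over. Assumptions: the pattern bodies follow logstash-patterns-core, with the ones marked "simplified" shortened by me; `KEEP_SLASH_PATTERN`, the `customer_id` field name and `LINE_WITHOUT_ID` are my additions, not part of the answer.

```ruby
# Added example (not from the original post and not Logstash's own grok code):
# a minimal Grok-to-regex expander, enough to run the page's pattern against the
# page's WSO2 log line and compare what each variant puts into "context".
# Pattern bodies follow logstash-patterns-core; those marked "simplified" are
# my shortened versions of the stock definitions.
GROK_PATTERNS = {
  "SPACE"             => '\s*',
  "INT"               => '(?:[+-]?(?:[0-9]+))',
  # NUMBER is BASE10NUM: the lookbehind stops it from starting in the middle of a number.
  "NUMBER"            => '(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)|(?:\.[0-9]+)))',
  "WORD"              => '\b\w+\b',
  "GREEDYDATA"        => '.*',
  "LOGLEVEL"          => '(?:[Tt]race|TRACE|[Dd]ebug|DEBUG|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Ff]atal|FATAL)', # simplified
  "JAVACLASS"         => '(?:[a-zA-Z$_][a-zA-Z$_0-9]*\.)*[a-zA-Z$_][a-zA-Z$_0-9]*',
  "TIMESTAMP_ISO8601" => '\d{4}-\d{2}-\d{2}[T ]\d{2}:?\d{2}(?::?\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?', # simplified
  "IP"                => '(?:\d{1,3}\.){3}\d{1,3}', # simplified, IPv4 only
}.freeze

# Expand %{NAME} into (?:...) and %{NAME:field} into (?<field>...); the bare
# braces around the Java class names in the WSO2 line are escaped as literals.
def grok_to_regex(pattern)
  src = pattern.gsub(/%\{(\w+)(?::(\w+))?\}|[{}]/) do |tok|
    if tok == "{" || tok == "}"
      "\\#{tok}"
    else
      name, field = $1, $2
      body = GROK_PATTERNS.fetch(name) { raise ArgumentError, "unknown pattern %{#{name}}" }
      field ? "(?<#{field}>#{body})" : "(?:#{body})"
    end
  end
  Regexp.new(src)
end

# The page's pattern, split around the one piece the answer changes.
PREFIX = 'TID:%{SPACE}\[%{INT:tenant_id}\]%{SPACE}\[]%{SPACE}\[%{TIMESTAMP_ISO8601:hit_timestamp}\]' \
         '%{SPACE}%{LOGLEVEL:level}%{SPACE}{%{JAVACLASS:java_class}}%{SPACE}-%{SPACE}' \
         'WSO2Status%{SPACE}=%{SPACE}%{WORD:Status},%{SPACE}APIE2ETime%{SPACE}'
SUFFIX = 'X-External-CorrelationId%{SPACE}=%{SPACE}%{WORD:CorrelationId},%{SPACE}' \
         'IN%{SPACE}=%{SPACE}%{TIMESTAMP_ISO8601:in_timestamp},%{SPACE}' \
         'OUT%{SPACE}=%{SPACE}%{TIMESTAMP_ISO8601:out_timestamp},%{SPACE}' \
         'HTTP_SC%{SPACE}=%{SPACE}%{INT:http_sc},%{SPACE}Channel%{SPACE}=%{SPACE}%{WORD:channel},%{SPACE}' \
         'Http_Method%{SPACE}=%{SPACE}%{WORD:http_method},%{SPACE}' \
         'RemoteAddress%{SPACE}=%{SPACE}%{IP:remoteaddress}%{SPACE}{%{JAVACLASS:java_class2}}'

ORIGINAL_PATTERN   = PREFIX + '=%{SPACE}%{GREEDYDATA:context},%{SPACE}' + SUFFIX
ANSWER_PATTERN     = PREFIX + '=%{SPACE}%{GREEDYDATA:context}/%{NUMBER},%{SPACE}' + SUFFIX
# My variant (an assumption, not part of the answer): keep the trailing slash,
# capture the stripped digits in their own field, and still match when the
# request has no numeric id at the end. The lazy .*? stops at the first point
# where an optional NUMBER followed by the comma fits.
KEEP_SLASH_PATTERN = PREFIX + '=%{SPACE}(?<context>.*?)(?:%{NUMBER:customer_id})?,%{SPACE}' + SUFFIX

# First line copied from the question; the second is constructed from it by
# removing the numeric id, to show how each pattern behaves without one.
WSO2_LINE = 'TID: [-1234] [] [2020-05-11 15:20:16,803]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  ' \
            'WSO2Status = SUCCESS, APIE2ETime = /app/custManagement/v2/customer/lookup/9999999999, ' \
            'X-External-CorrelationId = 7613691301, IN = 2020-05-11T15:20:15.656+05:30, ' \
            'OUT = 2020-05-11T15:20:16.803+05:30, HTTP_SC = 200, Channel = WEB, Http_Method = GET, ' \
            'RemoteAddress = 17.98.27.231 {org.apache.synapse.mediators.builtin.LogMediator}'
LINE_WITHOUT_ID = WSO2_LINE.sub('/lookup/9999999999,', '/lookup,')

# Named captures as a Hash, or nil when the line does not match (Logstash
# would tag such an event with _grokparsefailure).
def grok_extract(pattern, line = WSO2_LINE)
  m = grok_to_regex(pattern).match(line)
  m && m.named_captures
end

if __FILE__ == $PROGRAM_NAME
  { "original" => ORIGINAL_PATTERN, "answer" => ANSWER_PATTERN, "keep_slash" => KEEP_SLASH_PATTERN }.each do |label, pat|
    [WSO2_LINE, LINE_WITHOUT_ID].each do |line|
      f = grok_extract(pat, line)
      puts "#{label}: context=#{f ? f['context'].inspect : 'NO MATCH'} customer_id=#{f && f['customer_id']}"
    end
  end
end
```

Two things to check before shipping the fix from the answer. First, `%{GREEDYDATA:context}/%{NUMBER}` consumes the slash as well as the digits, so `context` becomes `/app/custManagement/v2/customer/lookup` rather than the `/app/custManagement/v2/customer/lookup/` shown as the expected output; if the trailing slash matters downstream, keep it inside the capture as in `KEEP_SLASH_PATTERN`. Second, the fix makes a numeric final path segment mandatory, so any log line for a request without one no longer matches and is tagged `_grokparsefailure`; the optional form in `KEEP_SLASH_PATTERN` avoids that. Since the digits being removed are a customer identifier, capturing them into their own field (as `customer_id` here) also makes it an explicit decision whether that value is dropped before indexing or kept.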