Array variable or loop

oussama · August 24, 2015, 4:03pm

Hi,

I hava many input file in my configuration file, like this:

file {
path => "/root/elasticsearch/test-logs/log-node1.log"
type => "apache"
}
file {
path => "/root/elasticsearch/test-logs/log-node2.log"
type => "apache"
}
file {
path => "/root/elasticsearch/test-logs/log-node3.log"
type => "apache"
}
file {
path => "/root/elasticsearch/test-logs/log-node4.log"
type => "apacher"
}

In my filter bloc, i test evry input file

I want to do somting like this :

i ={ 1,2, 3,4}

if [path] == "/root/elasticsearch/test-logs/log-node**(i)**.log" {

grok {
patterns_dir => "./patterns"
match => [ "message", "%{HTTPDATE:timestamp}|{DATA:httpsession}}" ]

mutate {
add_field => { "httpsessionNode(i)" => "%{httpsession}" }

}

Can u help me

thx

DracoBlue · August 24, 2015, 4:35pm

I don't know how to do this, but if you want to match on a specific file name pattern, you can use normal glob patterns (I added a * instead of the number):

path => "/root/elasticsearch/test-logs/log-node*.log"

This matches all log-node*.log files. This might work, if the number is somewhere in the log available to you.

oussama · August 24, 2015, 7:08pm

thanks for your answer.

I wanna get a specific patterns for every node.

michaellizhou · August 24, 2015, 8:38pm

What is your goal? To have a field httpsessionNode(i) that contains the data?

To get your results the easiest way is to just create N separate logstash instances. Each with a certain path and you can easily set the httpsessionNode(i) value. Its not pretty but it works.

oussama · August 25, 2015, 7:26am

Hi michael,

I modified my topic, i think that my goal is clear now,

Can i do that with Logstash