I have files which looks like this. My logstash pipeline looks like this (Have omitted the output part intentionally).
I require only the top part of the file which essentially consists of key value pairs as in single record in Elasticsearch along with some other fields like date, time, version by parsing specific sentences like The deployment started 3/19/2019 at 2:05 and Rev = CTRL_VER = 2.18_SmartMicrov3.a_TC16MPv5.0 at site KX028.
-
My first issue is, the values of some key look mixed up, i.e although in ES we have source as file1.log whose key1=value1, in ES I see "key1":"value2". Looks like my termination condition to send the event to output is wrong?
-
Secondly, is there a way to check for end of file in logstash filter part?