Capturing servername and appending/propogating it to all other lines of logfile

Nanelastic · July 5, 2021, 6:53pm

Hello Guys,
I am very new to ELK stack. I am trying to parse below mentioned log using logstash config.
I figured out the grok pattern for last 3 lines. I need help in capturing the server name mentioned in either line1 or line 4 and append it to last 3 lines.

is this possible?

below is logfile :
XYZ V5.0; Process Startup; Server:MATLK657N1;
06-JUN-2020 12:03:31.61

H Machine:MATLK657N1,Date:20220607.12.03.31.61
S Id:{1137-47E8-A5B0-601C86B166CD},Method:DFSList(),Start:06-JUN-2021
C Id:{1137-47E8-A5B0-671C86B166CF},Method:DFSList(),end:06-JUN-2021
S Id:{1137-47E8-A5B0-691C86B166AC},Method:DFSList(),Start:06-JUN-2021

Badger · July 5, 2021, 8:43pm

There is an example of capturing data from one line and adding it to others here. Note the prerequisites at the end of that post.

Nanelastic · July 6, 2021, 3:39pm

This was super helpful. Thanks a ton!!

system · August 3, 2021, 3:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.