Common Option 'id' in input plugin

beyondcompare · June 2, 2020, 5:52pm

Dear all,

Thank you very much for your time to read my question.

I have created a config file with the the input section shown below.

input {
file {
path => [
"/var/log/messages"
]
id => "syslog"
tags => "syslog"
}
}

I understand the deprecation of 'type' and thus I have used 'tags' extensively. However, I'm also aware that seeking a value from a list can be less efficient and would like to use 'id' here for a condition critera. For example, under 'filter' section, I'd like to have:-

filter {
if [id] == "syslog" { do one thing} # however this doesn't work
if "syslog" in [tags] { do one thing} # this works
else {do another}
}

Grateful if you could instruct how I can use 'id' in this case? I'm unable to find any information from the document.

Many thanks in advance,

James Ren

Badger · June 2, 2020, 7:23pm

The id option is not added to the events that an input generates. It is used to label the statistics about the input that you can access using the monitoring API.

If you want to add additional fields to the events use the add_field common option.

beyondcompare · June 2, 2020, 8:03pm

Thank you, that makes sense.

Would there be any performance penalty for 'adding a field' and then 'remove the field' before output?

Badger · June 2, 2020, 8:29pm

Well the operation is not free, but adding a field to a hash (which is what it is doing) is a pretty cheap operation.

system · June 30, 2020, 8:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.