Thanks for your quick reply !
I just found a solution on my own but thanks for your help !
By reading the Filebeat documentation once again I noticed that you can define more than one input and apply a specific tag on each. That's what my filebeat.yml > filebeat.inputs looks like now
- type: log
enabled: true
paths:
- C:\Users\ET02910\ElasticSearch\apache_tests\access*
tags: ["log access"]
- type: log
enabled: true
paths:
- C:\Users\ET02910\ElasticSearch\apache_tests\error*
tags: ["log error"]
- type: log
enabled: true
paths:
- C:\Users\ET02910\ElasticSearch\apache_tests\mod_jk*
tags: ["log mod_jk"]
And then I just have to check my condition on the tags field which is accessible from Logstash :
if "log access" in [tags]{
mutate {
add_field => {"test_field" => "I'm just here for a test"}
}
}
Concerning the source field you were talking about, I tried with source and _source before posting here but none of them worked.
Thanks for your help anyway,
Have a nice week-end !