Create a global patterns_dir

Vafa_Ronaghi · November 23, 2017, 1:44pm

Hello,

Is it possible to define a global patterns_dir for all cases in filter or it must be defined in each grok section.

Se below:

   if ("xxx" in [path])  {
      grok {
        **patterns_dir => [ "/usr/share/logstash/patterns" ]**
        match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp}\;%{LOGLEVEL:loglevel}(.*);%{OPTIONALUSERNAME:user};%{TNR:tnr};%{INTEGRATION:integration};%{THREAD:thread};%{WORD:classname};%{GREEDYDATA:logmessage}$" }
        add_field => [ "logtype", "xxx" ]
      }
    }
    if ("yyy" in [path])  {
      grok {
        **patterns_dir => [ "/usr/share/logstash/patterns" ]**
        match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp}\;%{LOGLEVEL:loglevel}(.*);%{OPTIONALUSERNAME:user};%{TNR:tnr};%{INTEGRATION:integration};%{THREAD:thread};%{WORD:classname};%{GREEDYDATA:logmessage}$" }
        add_field => [ "logtype", "yyy" ]
      }
    }

magnusbaeck · November 23, 2017, 2:25pm

You'll have to define it everywhere.

In this case I don't understand why you have two grok filters.

system · December 21, 2017, 2:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.