Hi guys!
We have SNMP trap logs. We send these logs using Filebeat. Our Filebeat configuration:
- input_type: log
  paths: ["/var/log/snmptrapd.log"]
  fields:
    tagtype: linux
    tagapps: traps
    logtype: traps-diagnostic
  close_timeout: 1h
  multiline.pattern: '[0-9]+-[0-9]+-[0-9]+.[0-9]+:[0-9]+:[0-9]+,[0-9]{3}'
  multiline.negate: true
  multiline.match: after
We want to get the trap type and assign this value to a specific field (I simply want to know if it's possible). For example, I want to create a field trap-type and assign a value to this field based on the parsed log. Example of a log:
resourceConservationMode trap from <host>
I want to assign "resourceConservationMode" to the field trap-type. It must be dynamic, so if there is a new trap type, it will assign a new value. I simply want to search logs by the trap type field. Is it possible?
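
An added example, not part of the original post: a Python emulation of how the multiline settings above group lines into events, followed by extraction of the trap type into its own field so that unknown trap names are picked up without a fixed list. The timestamp layout, the sample lines, the `trap-source` field and the `_trap_type_missing` tag are assumptions constructed for illustration.

```python
import re

# multiline.pattern from the Filebeat config in the post (applied unanchored)
EVENT_START = re.compile(r'[0-9]+-[0-9]+-[0-9]+.[0-9]+:[0-9]+:[0-9]+,[0-9]{3}')
# Assumed shape of a trap line, based on the single example in the post
TRAP_LINE = re.compile(r'(?P<trap_type>[A-Za-z][\w.:-]*) trap from (?P<trap_source>\S+)')

def group_events(lines):
    """Emulate multiline.negate: true with multiline.match: after.
    A line that does not match the pattern is appended to the previous event."""
    events = []
    for line in lines:
        line = line.rstrip("\n")
        if EVENT_START.search(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def enrich(event):
    """Return a document with trap-type set from the event text, whatever its value."""
    doc = {"message": event, "fields": {"logtype": "traps-diagnostic"}}
    match = TRAP_LINE.search(event)
    if match:
        doc["trap-type"] = match.group("trap_type")
        doc["trap-source"] = match.group("trap_source")
    else:
        # Keep non-trap lines searchable instead of dropping them silently
        doc["tags"] = ["_trap_type_missing"]
    return doc

# Constructed sample input; the real snmptrapd.log layout may differ
SAMPLE = """\
2017-05-03 10:15:42,123 resourceConservationMode trap from host-a.example
    varbind line one (constructed)
2017-05-03 10:16:01,007 linkDown trap from host-b.example
2017-05-03 10:16:05,450 snmptrapd restarted
""".splitlines()

def run():
    return [enrich(event) for event in group_events(SAMPLE)]

if __name__ == "__main__":
    for doc in run():
        print(doc.get("trap-type"), doc.get("trap-source"), doc.get("tags"))
```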