Creating a dynamic S3 tag

byoungman · March 20, 2020, 4:47pm

I have log input coming from multiple sources that I am writing into S3 buckets but now I am wanting to add the source name (machine name) to the S3 filename as a tag so my requirement is a dynamic tag name based on the different machine names that will then be added as a tag.

My current configuration is-

filter {
	mutate {
		add_field => {
			"filepath" => '%{[log][file][path]}' 
		}
	}
	
	grok {
		match => ["filepath", "%{WORD:filepath}.log"]
		overwrite => ["filepath"]
	}
 }

output {
     s3 {
          ....
	 tags => ["%{filepath}"]
    }
}

The filenames in S3 is

ls.s3.3791f296-2b0e-4750-a868-a668a5b98e61.2020-03-20T12.32.tag_%{filepath}.part8

So what am I missing and can what I want to do be done with the S3 tag property.

TIA,
Bill

Badger · March 22, 2020, 5:11pm

No, it cannot be done. The code that adds tags is just a concatenation of strings in an array. It does not event.sprintf each tag. There has been an issue open for this for a couple of years.

byoungman · March 23, 2020, 12:27pm

Thanks for the quick response Badger and I will look at another approach to this probably something like if [field][machinename] = xxxx s3 tag => 'machinename'

I'll let me team know this.

Bill

system · April 20, 2020, 12:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
S3 Output Plugin tag in Filename Logstash	2	700	February 11, 2021
Adding S3 Bucket Name in Output Logs Logstash	4	1123	January 8, 2018
Dynamic Bucket Names or Directories in AWS S3 Output Logstash	10	7884	July 6, 2017
Logstash to s3 dynamic bucket Logstash	1	481	June 28, 2020
Dynamically set s3 bucket name in logstash output Logstash	2	152	July 18, 2023

Creating a dynamic S3 tag

Related topics