Hi @Badger I need to continue below topic: [image] Conditional processing in txt file Logstash See this thread. referring to above I have a question how I can mark in this code pattern, also count of records is not regular (once it's more once it's less) a place wi…

I would consider consuming the file with a multiline codec that collects all the lines for each '# Type', then tag them with the type and use a split filter to break each line into its own event Suppose we have a file # Snapshot # ABC a,b,c d,e,f # Type2 foo,1,2,3 bar,4,5,6 # DN Blocks 224135896,2…

Discuss the Elastic Stack

Csv plugin cooperating with multiplying pattern

Elastic Stack Logstash

Badger July 19, 2022, 10:39pm 11

I would use

ruby { code => '@@metadata = event.get("@timestamp")' }

for the snapshot lines, and

ruby { code => 'event.set("@timestamp", @@metadata)' }

for the others.

1 Like

Issue with provision large file to logstash

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.