Hello,
we have a server with logfiles in directories:
/xxx/log1/
- test-1.log
- test-2.log
- enrich-log1.json
/xxx/log2/
- test-1.log
- test-2.log
- enrich-log2.json
and so on....
the json file "enrich-log*.json" has more details about the logs within the same directory and looks like this:
{"key-1":"value-1", "key-2":"value-2", "key-3":"value-3"}
we configured filebeat:
filebeat.inputs:
-type:
log.paths:
/xxx/log*/*.log
How can we add the data from "enrich.json" as fields to every document within the same directory ?
this is something we look for (of course not working):
filebeat.inputs:
-type:
log.paths:
/xxx/log*/*.log
processors:
add_fields:
target: enriched
source: /xxx/log*/enrich-log*.json
fields:
key-1: "value1"
key-2: "value2"
key-3: "value3"
We already thought about using Logstash, but only Filebeat has access to the directories.
best regards