Extract fields from a log path in logstash

aysala · June 20, 2018, 7:37pm

Hi experts,

I am trying to figure out a way to create new fields from a log path. Is there a way to configure this using processors in filebeat? or can anyone help me with the grok pattern that creates the below fields?

For example:

    filebeat.prospectors:
    - type: log    
      paths:
      - /var/lib/mesos/slave/slaves/some_slave_id/frameworks/some_framework_id/executors/some_executor_id/runs/latest/stdout

I want new fields that shows some_slave_id, some_framework_id and some_executor_id values.

Thanks!

Badger · June 20, 2018, 8:09pm

If filebeat puts the path into the source field then you could use

dissect { mapping => { "source"=> '%{}/slaves/%{slave_id}/frameworks/%{framework_id}/executors/%{executor_id}/%{}' } }

aysala · June 21, 2018, 1:56pm

Works for me! Thanks @Badger

system · July 19, 2018, 1:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.