Extract fields from a log path in logstash

aysala · June 20, 2018, 7:37pm

Hi experts,

I am trying to figure out a way to create new fields from a log path. Is there a way to configure this using processors in filebeat? or can anyone help me with the grok pattern that creates the below fields?

For example:

    filebeat.prospectors:
    - type: log    
      paths:
      - /var/lib/mesos/slave/slaves/some_slave_id/frameworks/some_framework_id/executors/some_executor_id/runs/latest/stdout

I want new fields that shows some_slave_id, some_framework_id and some_executor_id values.

Thanks!

Badger · June 20, 2018, 8:09pm

If filebeat puts the path into the source field then you could use

dissect { mapping => { "source"=> '%{}/slaves/%{slave_id}/frameworks/%{framework_id}/executors/%{executor_id}/%{}' } }

aysala · June 21, 2018, 1:56pm

Works for me! Thanks @Badger

system · July 19, 2018, 1:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat field depending on Path Beats filebeat	4	478	February 19, 2018
Can we extract folder and file out of log.file.path field? Kibana	5	2786	March 3, 2020
Extracting fields from path and adding them to new elapsed events Logstash	1	238	October 22, 2019
Split filepath to a new field Logstash	3	547	December 21, 2022
Extract file name and add as a field Logstash	3	2426	September 18, 2021

Extract fields from a log path in logstash

Related Topics