Extracting filename from existing source field?

roly · November 9, 2018, 9:24am

How do i extract source filename from the existing field which standard field from logstash which is (Source)?

input {
  beats {
    port => 5044
    host => "0.0.0.0"
  }
}

filter {
  grok {
    patterns_dir => ["/etc/logstash/conf.d/patterns"]
    match => { "message" => "%{LOGLEVEL:log_lvl}\s+\[%{TIMESTAMP_ISO8601:time_stamp}\]\s+\[%{REQID:req_id}\]\s+%{JAVACLASS:class_name}:\s+%{JAVALOGMESSAGE:log_msg}" }
    match => { "sourcename" => "/var/log/.*?/(?<logfolder>.*?)/" }
  }
 mutate {
    remove_field => ["message"]
    #remove_field => ["beat"]
    remove_field => ["[host]"]
 }
 mutate {
   add_field => {
        "host" => "%{[beat][hostname]}"
   }
 }
}

output {
        elasticsearch {
                user => "elastic"
                password => "changeme"
                hosts => "localhost:9200"
                manage_template => false
                index => "logstash-%{+YYYY.MM.dd}"
                document_type => "%{[@metadata][type]}"
        }
}

we are not getting any result as sourcename field !!

system · December 7, 2018, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extracting filename from existing field (Source)? Logstash	12	2888	December 4, 2018
Extract file name and add as a field Logstash	3	2426	September 18, 2021
Extract File Name from source Logstash	3	13277	February 28, 2017
Extracting contents of the filename (from the source) and creating fields Logstash	7	5862	July 6, 2017
Extract field from source Logstash	7	662	May 4, 2018

Extracting filename from existing source field?

Related Topics