Fetching data from a csv file and updating another file accordingly

jatin6418 · June 25, 2019, 9:15am

hey
I am having two files one is a log file and one is a csv file. From log file I am reading the itemid and I want to add the name of this item which is stored in the csv file can someone help me .

input{

 file{
     type => "log"
     path =>"/home/dummy.log"
     start_position =>"beginning"
     sincedb_path => "/dev/null"
     }
   

 file{
     type => "csv"
     path =>"/home/output.csv"
     start_position =>"beginning"
     sincedb_path => "/dev/null"
     }

}

filter {

if [type] == "log" {

grok {
match => [
"message","(?<item_id>[\w-/]+)"
]
}

}

if [type] == "csv"{
csv{
separator => ","
columns => ["item_id", "item_name"]
}

}

sjabiulla · June 25, 2019, 10:48am

Read only log file in input. Remove the csv file type from input.
Extract the item id from the log using grok filter as you already did.
Now use the translate filter to map the item id with name . Translate filter in your scenario will look like below.

translate {
field => "item_id"
destination => "item_name"
dictionary_path => "/home/output.csv"
}

jatin6418 · June 25, 2019, 4:16pm

Thnx a lot sir

I wanted to ask one more question

if my grook filter looks like
(?[\d-]+)\s(?[\w-/]+)

(here viewid represents the item_id)

and my csv file has the following structure
community_id,item_id,community_name,item_name

then how should i write the translate filter
Is there any restriction that my csv file should have only two columns in which mapping needs to be done?

sjabiulla · June 26, 2019, 3:43am

Yes, csv can only have two columns. Hence you can have csv as below. The below has only 2 columns, but the second column has all info that you need.

item_id,community_id|community_name|item_name

You can use below filters now.

translate {
field => "item_id"
destination => "item_details"
dictionary_path => "/home/output.csv"
}

mutate {
 split => { "item_details" => "|" }
 add_field => { "community_id" => "%{item_details[0]}" }
 add_field => { "community_name" => "%{item_details[1]}" }
 add_field => { "item_name" => "%{item_details[2]}" }
}

Now you will have comunity_id, community_name, item_name that are mapped by item_id via csv in the output

jatin6418 · June 28, 2019, 6:20pm

thnxx a lot for your help it worked for me .

system · July 26, 2019, 6:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Compare a field with a csv file and add info from csv in a new field Logstash	7	1189	September 6, 2019
Logstash add field from another input Logstash	16	1058	March 13, 2019
While reading one CSV file i want to lookup another CSV file for required data and that data i need to add it into my log Logstash	2	275	May 18, 2019
Parsing and combining different CSV files in logstash Logstash	12	4364	February 15, 2018
Translate plugin using csv Logstash	3	2345	April 30, 2019

Fetching data from a csv file and updating another file accordingly

Related topics