File output to multiple files

romariol · March 11, 2019, 10:03am

I have a Logstash conf where I split an incoming XML into multiple events. I would like to write a file per event. However, the file output writes all the events to a single file (so an event per line). Is there a way to achieve this?

filter {

xml{
   store_xml => "false"
   source => "message"
remove_namespaces => true
xpath => 
 [
"/root/Envelope", "Envelopes"         
   ]
  }

mutate {
    remove_field => ["message"]
  }

 split{
  field => "Envelopes"
 }
}

output {
file {
path => "/install/logstash/output-CL102-%{+yyyyMMddHHmmss}.xml"
}
}

Thanks

yaauie · March 12, 2019, 1:11am

If the sprintf format string provided to the file output plugin's path directive creates unique value per event, then you will effectively write exactly one event per file.

One way to create a unique field on an event is with the Fingerprint Filter Plugin.

system · April 9, 2019, 1:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash + XML + Multiple split Logstash	2	326	April 1, 2022
Multiple events in the same input XML Logstash	9	1341	April 6, 2018
Logstash, split event from an xml file in multiples documents keeping information from root tags Logstash	9	3264	July 6, 2017
Sending multiple events using a single POST with http output codec Logstash	11	45	September 3, 2024
Simple Split filter Logstash	5	309	May 10, 2019

File output to multiple files

Related Topics