Filebeat add field based on line content

Mohammad_Mousavi · February 4, 2020, 8:25am

Hi. I have an access.log that holds multiple vod applications log.
I wanna have different grok filter for each application log. I thought maybe I can add some field in filebeat to trigger groks in logstash based on them. something like this: (which is wrong)

 processors:
   - add_fields:
     when:
       regexp:
          message: "App1"
     target: myfield
     fields:
               name:  {app_type: app1}
    when:
       regexp:
          message: "App2"
     target: myfield
     fields:
               name:  {app_type: app2}

then in logstash:

filter {
if [myfield][app_type] == 'App1' {
grok { ... }
if [myfield][app_type] == 'App2' {
grok { ... }
}

any idea on this ?
Thanx a lot

system · March 3, 2020, 8:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat field depending on Path Beats filebeat	4	478	February 19, 2018
How to add field for logs from specific file Beats filebeat	2	1091	April 20, 2020
Filebeat dynamically add new field Beats filebeat	2	1532	October 31, 2016
Add a field when a match between an external dictionary and a field from a filebeat document occurrs Beats filebeat	1	187	June 14, 2022
Problem with pipeline, grok and dashboards Beats filebeat	8	534	January 27, 2022

Filebeat add field based on line content

Related Topics