Hi. I have an access.log that holds multiple vod applications log.
I wanna have different grok filter for each application log. I thought maybe I can add some field in filebeat to trigger groks in logstash based on them. something like this: (which is wrong)
processors: - add_fields: when: regexp: message: "App1" target: myfield fields: name: {app_type: app1} when: regexp: message: "App2" target: myfield fields: name: {app_type: app2}
then in logstash:
filter {
if [myfield][app_type] == 'App1' {
grok { ... }
if [myfield][app_type] == 'App2' {
grok { ... }
}
any idea on this ?
Thanx a lot