Filebeat add field based on line content

Mohammad_Mousavi · February 4, 2020, 8:25am

Hi. I have an access.log that holds multiple vod applications log.
I wanna have different grok filter for each application log. I thought maybe I can add some field in filebeat to trigger groks in logstash based on them. something like this: (which is wrong)

 processors:
   - add_fields:
     when:
       regexp:
          message: "App1"
     target: myfield
     fields:
               name:  {app_type: app1}
    when:
       regexp:
          message: "App2"
     target: myfield
     fields:
               name:  {app_type: app2}

then in logstash:

filter {
if [myfield][app_type] == 'App1' {
grok { ... }
if [myfield][app_type] == 'App2' {
grok { ... }
}

any idea on this ?
Thanx a lot

system · March 3, 2020, 8:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat field depending on Path Beats filebeat	4	478	February 19, 2018
How to add field for logs from specific file Beats filebeat	2	1098	April 20, 2020
New user - Simple problem with adding a field with mutate Logstash	4	1875	July 6, 2017
Grok filter on logstash Logstash	5	439	March 30, 2020
Filebeat not working Beats filebeat	3	1369	June 19, 2017

Filebeat add field based on line content

Related topics