hboris
August 4, 2022, 11:14am
1
Hello,
I am a newbie and i am planing to install elastic stack.
Here is my architecture
Here is what my apache module conf looks like:
#-------------------------------- Apache Module --------------------------------
- module: apache
access:
enabled: true
var.paths: ["/customer1/access.log", "/customer2/access.log"]
input: ???
My point concerne the input section. How can i
add custom fields for each of my access log files (customerName: c1 or c2, env: prod)
tell apache to ignore lines starting by 127.0.0.1 or localhost
tell apache to ignore 24h older access log files
Thank you for your help
hboris
August 5, 2022, 1:59pm
2
Hello,
No one was already facing this issue?
- module: apache
access:
enabled: true
var.paths: ["/customer1/access.log", "/customer2/access.log"]
input:
processors:
- if:
var.paths: ["/customer1/access.log"]
then:
add_fields:
customerName: c1
- if:
var.paths: ["/customer2/access.log"]
then:
add_fields:
customerName: c2
Thank you for your help
jsoriano
August 22, 2022, 2:50pm
3
Hey @hboris , welcome to discuss
Yes, processors is probably the way to go here. Your configuration looks fine, but if you have different configurations, it may be better to have a more clear separation. For example you could have one file per customer.
So the file for customer 1 would look like this:
- module: apache
access:
enabled: true
var.paths: ["/customer1/access.log"]
input:
processors:
- add_fields:
customerName: c1
The file for customer 2 the same, but using the values for customer 2, and so on.
This would allow you to more easily add or remove configurations as your customer base grows
system
September 19, 2022, 4:51pm
4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
