hboris
(RV225)
August 4, 2022, 11:14am
1
Hello,
I am a newbie and I am planning to install the Elastic Stack.
Here is my architecture
Here is what my apache module conf looks like:
#-------------------------------- Apache Module --------------------------------
- module: apache
  access:
    enabled: true
    var.paths: ["/customer1/access.log", "/customer2/access.log"]
    input: ???
My point concerns the input section. How can I:
- add custom fields for each of my access log files (customerName: c1 or c2, env: prod)
- tell apache to ignore lines starting with 127.0.0.1 or localhost
- tell apache to ignore access log files older than 24h
Thank you for your help
hboris
(RV225)
August 5, 2022, 1:59pm
2
Hello,
Has no one faced this issue already?
Is it relevant to do as follows?
- module: apache
  access:
    enabled: true
    var.paths: ["/customer1/access.log", "/customer2/access.log"]
    input:
      processors:
        - if:
            var.paths: ["/customer1/access.log"]
          then:
            add_fields:
              customerName: c1
        - if:
            var.paths: ["/customer2/access.log"]
          then:
            add_fields:
              customerName: c2
Thank you for your help
jsoriano
(Jaime Soriano)
August 22, 2022, 2:50pm
3
Hey @hboris, welcome to discuss.
Yes, processors is probably the way to go here. Your configuration looks fine, but if you have different configurations, it may be better to have a clearer separation. For example, you could have one file per customer.
So the file for customer 1 would look like this:
- module: apache
  access:
    enabled: true
    var.paths: ["/customer1/access.log"]
    input:
      processors:
        - add_fields:
            # add_fields takes its key/value pairs under "fields"
            fields:
              customerName: c1
The file for customer 2 would be the same, but using the values for customer 2, and so on.
This would allow you to more easily add or remove configurations as your customer base grows.
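Added example, not part of the thread and not Elastic's own configuration: a per-customer module file that also covers the two points from the first post that the reply does not address (skipping loopback requests and skipping old files). The file name is an assumption, and the regular expressions assume the client host is the first token of each access log line.

```yaml
# modules.d/apache-customer1.yml  (file name is an assumption)
- module: apache
  access:
    enabled: true
    var.paths: ["/customer1/access.log"]
    input:
      # Skip files whose modification time is more than 24 hours old.
      ignore_older: 24h
      # Drop lines whose first token (the client host) is loopback.
      # The trailing space keeps 127.0.0.1 from also matching 127.0.0.10 and similar.
      exclude_lines: ['^127\.0\.0\.1 ', '^localhost ']
      processors:
        - add_fields:
            # Without "target", the keys are written under "fields."
            # (fields.customerName, fields.env).
            fields:
              customerName: c1
              env: prod
```

Lines dropped by exclude_lines never reach Elasticsearch, so loopback requests will not be available for later investigation. ignore_older is evaluated against the file's modification time, not the timestamps inside the log.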