Filebeat 7.4.0
I've been trying to work off of the link below to add tags to logs that are coming from different folders. We have multiple different log folders like vdi001, vdimgmt001 and flx001 and we'd like to use filebeat to tag the logs as their shipped. It seems like the _add_tags: when: conditional: format is the way to go but after that I'm not sure what the syntax is. I've been trying the log.file.path option like the other thread has but cant seem to get it to work.
processors:
- add_tags:
when:
contains:
log.file.path: "/logs/vdi001/vdi001.*.log"
tags: ["vdi","esx"]