Get the name of the log file and create a tag or a custom field with that value

mar-ro · May 28, 2021, 1:01pm

Good afternoon.
I would like to know how I could in logstash create a tag (or a custom field) with a part of the value of the log.file.path.keyword field. Considering that this field stores the absolute path, I would be interested in getting only the file name.

I have tried several options, among them the following one, but I can't get this value

grok {
match => [ "log.file.path.keyword" , "(?<filename>[a-zA-Z0-9.]*$)"]]
overwrite => [ "filename" ]
}

Can you tell me how to properly configure logstash to get that value?
Thanks!

Badger · May 28, 2021, 4:58pm

The grok pattern looks right, but .keyword is an elasticsearch thing and that field does not exist in logstash. You probably want

match => { "[log][file][path]" => "(?<filename>[a-zA-Z0-9.]*$)" ] }

logstash uses a different syntax to represent objects that have nested fields. It can easily distinguish between [foo.bar] (a field with a dot in its name) and [foo][bar] (and object with a field called bar in it).

system · June 25, 2021, 4:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract file name and add as a field Logstash	3	2426	September 18, 2021
Match log.file.path in Grok Logstash	3	3415	May 18, 2019
Extracting contents of the filename (from the source) and creating fields Logstash	7	5862	July 6, 2017
Unable to add tag with filename Logstash	5	473	June 6, 2022
Check if string is in field Logstash	10	6566	May 5, 2021

Get the name of the log file and create a tag or a custom field with that value

Related Topics