Can i change my logstash configuration file dynamically ? Like i need to have different grok patterns for different file paths.
Can i use something like "translate plugin" to change values of grok in the configuration file from another file(ex: YAML, JSON etc).
Please help. Thanks
@Priyaranjan_Mudliar, Yes, you can write different grok pattern for different file path. You can define the fields in filebeat.yml for every log path and then you can use that filed in logstash to use different grok pattern for each log path. Please refer the below example for filebeat.yml and logstash configuration:
For Filebeat.yml:
- type: log
enabled: true
paths:
- /var/log/syslog
fields_under_root: true
fields:
type: syslog_logs
- type: log
enabled: true
paths:
- /var/log/auth.log
fields_under_root: true
fields:
type: auth_logs
Logstash configuration:
if [type] == "syslog_logs" {
grok {
}
else [type] == "auth_logs" {
grok {
}
Hops so above config will help you.
Thanks.
Thanks for the reply... but i actually don't want this to be written on the configuration file itself instead i want the if and else part taken from another file. Is it possible ? Anyways i will work with the above method if its not possible.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.