Hi,
I'm currently using the netflow codec to decode netflow data and store in elastic. I want to introduce a new field called "site_id". The site ID is going to be present in a file called /tmp/site.id
This file will contain just one line and will be a number
eg:>
cat /tmp/site.id
12345678
How do I add this field to every even that is being processed by logstash?
Eg>
mutate {
id => "site"
add_field => {
"[flow][violation]" => "false"
"[flow][threat]" => "false"
"[flow][site_id]" => //=======> read file /tmp/site.id and assign value
}
}