How do I add a new field based on the contents of a file?


I'm currently using the netflow codec to decode netflow data and store it in Elastic. I want to introduce a new field called "site_id". The site ID is going to be present in a file called /tmp/ This file will contain just one line and will be a number.


cat /tmp/

How do I add this field to every event that is being processed by Logstash?


mutate {
    id => "site"
    add_field => {
        "[flow][violation]" => "false"
        "[flow][threat]" => "false"
        "[flow][site_id]" => # =======> read file /tmp/ and assign value
    }
}


You may be able to use the Ruby filter plugin and write a Ruby script, so long as file handling is enabled. I haven't tested this myself.
Ruby filter plugin
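
One way to do what the reply above suggests, as an added example that is not part of the original thread and is not code from either poster: a script file for the Ruby filter plugin that reads the site ID once at startup, validates it, and sets `[flow][site_id]` on every event. The `site_id_file` parameter name and the `load_site_id` helper are assumptions made for this example.

```ruby
# Added example: script file for the Logstash ruby filter's script mode.
# Logstash calls register(params) once at startup and filter(event) per event.
# "site_id_file" is a hypothetical script_params key chosen for this example.

SITE_ID_PATTERN = /\A\d{1,10}\z/ # exactly one line holding a number

# Read and validate the site ID. Raising here stops the pipeline at startup
# instead of indexing events with an empty or tampered value.
def load_site_id(path)
  st = File.lstat(path)
  # /tmp is shared: refuse symlinks, non-regular files and files anyone can edit.
  raise ArgumentError, "#{path}: not a regular file" unless st.file?
  raise ArgumentError, "#{path}: world-writable" if st.world_writable?
  value = File.open(path, "r") { |f| f.read(64) }.to_s.strip # bounded read
  raise ArgumentError, "#{path}: expected a single number" unless value.match?(SITE_ID_PATTERN)
  Integer(value, 10)
end

def register(params)
  # Read once here, not in filter: no file I/O per event.
  @site_id = load_site_id(params.fetch("site_id_file"))
end

def filter(event)
  event.set("[flow][site_id]", @site_id)
  [event] # events returned here continue through the pipeline
end
```

The pipeline's `ruby` filter would point at this file with its `path` option and pass the file location through `script_params`. Because the value is read in `register`, a changed site ID file takes effect only after the pipeline restarts.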
