How do I add a new field based on the contents of a file?

Hi,

I'm currently using the netflow codec to decode netflow data and store in elastic. I want to introduce a new field called "site_id". The site ID is going to be present in a file called /tmp/site.id This file will contain just one line and will be a number

eg:>

cat /tmp/site.id
12345678

How do I add this field to every even that is being processed by logstash?

Eg>

 mutate {
        id => "site"
        add_field => {
            "[flow][violation]" => "false"
            "[flow][threat]" => "false"
            "[flow][site_id]" => //=======> read file /tmp/site.id and assign value 

        }
    }

You may be able to use the Ruby filter plugin and write a Ruby script, so long as file handling is enabled. I haven't tested this myself.
Ruby filter plugin

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.