Hello,
I have a requirement , where i need to derive values based on the input path
example - i have a log file on a partition
format - /app/shared/1.1.1.1_webserver_ticket#1.log
From the above path , i need to extract the IP (1.1.1.1), component (webserver) and ticket (ticket#1) . My filebeat.yml looks like this
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /app/shared/*webserver_comp1.log
- /app/shared/*webserver_comp2.log
Now the logstash config is written to fetch these details via grok
filter {
grok {
match => { "path" => "%{IP:machineip}_%{NOTSPACE:component}_%{NOTSPACE:ticket}" }
}
}
How do i add a field based on the input glob pattern on filebeats' input section and pass it along to logstash ? Should i use the processor ? would that work based on each glob pattern ?