Hello, I am a beginner in Logstash and currently learning the basics. I am stuck while solving a problem. Basically, my input (to Logstash) can be a series of alphabets like below:
a
b
a
c
d
I want to add a tag "A" if the data read is "a". Also, I need to ensure that the input data is tagged with type as "test", and write the output to the file output.txt in the path usr/share/logstash. I understand that I can tag the input data in stdin and then use the file plugin to output the data to the output.txt file, but I just can't figure out how I can add the tag "A" if the data read is "a". Please advise.
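One pipeline configuration that does what the question above asks, shown as an added example that is not part of the original thread. It assumes the output path is /usr/share/logstash/output.txt (the post writes it without a leading slash) and that each event's message is a single line of input.

```logstash
input {
  stdin {
    # Every event read from stdin gets type "test"
    type => "test"
  }
}

filter {
  # Remove leading/trailing whitespace (for example a stray carriage return)
  # so the exact comparison below is reliable
  mutate {
    strip => ["message"]
  }

  # Conditionals compare field values; the match is case-sensitive,
  # so "A" in the input would not be tagged
  if [message] == "a" {
    mutate {
      add_tag => ["A"]
    }
  }
}

output {
  file {
    # Assumed absolute path; the Logstash user needs write access to it
    path => "/usr/share/logstash/output.txt"
  }
}
```

With the file output's default codec each event is written as one JSON object per line, so the "type" and "tags" fields are visible in output.txt; events for "b", "c" and "d" carry no "A" tag.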
I see you already got a great answer to your question, but I wanted to add that if you're new to Logstash, you may also want to have a look at some open source parsers, such as https://github.com/empow/logstash-parsers/.
We've been dealing with log parsing for years and it can get very tricky to nail the real meaning of the data. These kinds of parsers interface into Logstash as .conf files, and can greatly help you consolidate and normalize numerous log dumps into information that can be effectively used (using the Elastic Common Schema, MITRE rationale etc.). See https://blog.empow.co/loganalysis.