I have some log files that only in the first line it will display the version of the file, but I want to use that version everywhere in the log. is there a way I can store that data and use it for the rest of the file?
For example:
2023-01-01 00:00:00 INFO version 3.4.1
2023-01-01 00:00:00 INFO starting application
[...]
I want to use that 3.4.1 in all events of my log that are sent to elasticsearch
You could try use the "set" processor to store de VERSION and use it on ingestion pipeline. Take a look at: Set processor | Elasticsearch Guide [8.9] | Elastic
Thanks, but I think this will set the version field in only one event: the first event to be precise, the rest of the events will have it empty
And of course I just can't hard code the version as each log will have different versions
Perhaps the use of enrichment pipelines? but the problem is that the index source will need to be fast
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.