How to extract data from filename using logstash?

reillye · December 2, 2020, 2:56pm

I am using filebeat to monitor a directory for new files that get dropped in every hour. The files are then sent to logstash to be parsed before being sent to ES. The filenames are in this format

aldb-E6-20201015232941.csv or possibly aldbE6-20201015232941.csv

I need to be extract the data aldb and E6 from the filename and add it to the index. Can I do this using logstash?

I know I can get the filepath using [log][file][path] which returns a value like /var/data/filebeat/source/aldb-E6-20201015232941.csv, but how can I then extract the information I need from that?

Badger · December 2, 2020, 4:04pm

You could do that using grok

grok { match => { "[log][file][path]" => "/(?<firstBit>.{4})(-)?(?<secondBit>.{2})-\d+\.%{WORD}$" } }

reillye · December 2, 2020, 4:46pm

That works, thanks!

system · December 30, 2020, 4:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to extract logstash log.file.path for filter Logstash	2	1187	July 30, 2020
Extract source filename in logstash received from Filebeat Logstash	2	1155	October 21, 2017
Extract file name and add as a field Logstash	3	2426	September 18, 2021
Extract File Name from source Logstash	3	13277	February 28, 2017
Parse filename before sending to ElasticSearch Beats filebeat	9	5144	May 28, 2019

How to extract data from filename using logstash?

Related Topics