How to know the log comme from which file

seeva · October 25, 2017, 1:11pm

what do you think about this :

input { stdin { } }

filter {
grok {
match => { "message" => ["(?(\d{4})-(\d{2})-(\d{2}).(\d{2}):(\d{2}):(\d{2}).(\d{3})) %{INT:EventId} %{UUID:ActivityId} %{DATA:UserName} %{NOTSPACE:TransactionIsolationLevel} %{NOTSPACE:TransactionLocalIdentifier} %{NOTSPACE:TransactionDistributedIdentifier} %{NOTSPACE:TransactionStatus} %{NOTSPACE:severity } %{GREEDYDATA:data}"] }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
elasticsearch {
hosts => ["10.184.161.66","10.184.161.67"]
user => elastic
password => "Cs_24Z*-;u3WXMzwk]66"
index => opera_index

}

stdout { codec => rubydebug }
}

here is an event in a log file :

2017-09-05 01:00:08.092 131 00000000-0000-0000-0000-000000000000 user (null) (null) (null) (null) Information this is a message

Topic		Replies	Views
Wrong source name Logstash	1	599	June 2, 2017
Extract File Name from source Logstash	3	13369	February 28, 2017
Parse source field Logstash	4	915	November 29, 2018
Filebeat overwrites log file source field Beats filebeat	4	1754	July 5, 2017
Source missing in filebeat logs Beats filebeat	6	384	September 7, 2023

How to know the log comme from which file

Related topics