How to parse a particular log file

anon69830709 · September 4, 2018, 5:20am

So i have 2 log file say log1 and log2.I want to parse them using separate filter.

so can i use if statement on file source like

if [source] == ///log1 {
do something
}
else {
do something
}

Krunal_kalaria · September 4, 2018, 5:46am

Hi @anon69830709,

You can use it that is the right way and you can use like
if [source] == "log1"
{

}
else if [source] == "log2"
{

}
else { }

Thanks & Regards,
Krunal.

anon69830709 · September 4, 2018, 6:00am

source is for file name or path?
When i mention source, do i need to specify file location?

Krunal_kalaria · September 11, 2018, 6:36am

Hi @anon69830709,

Sorry for late response,

Source is your field name like:

if [message] == "login failed"
{
kv{ }
grok{ } #what ever filter you want to apply you can use here in if else loop.
}
else if [192.168.1.1] == "login failed"
{
#you can use same here
}

Thanks & Regards,
Krunal.

system · October 9, 2018, 6:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

How to parse a particular log file

You can use it that is the right way and you can use like if [source] == "log1" {

} else if [source] == "log2" {

You can use it that is the right way and you can use like
if [source] == "log1"
{

}
else if [source] == "log2"
{