How to pass multiple csv files with different names and different content?

Thodoris_Alexopoulos · February 21, 2019, 10:40am

Hello,

I want to pass into Elastisearch several CSV files with a different format each other. Till now, I have created a Logstash conf file that handles only one CSV with a specific name under a specific path. But when I am using a * to catch all the files under the directory the result is not what I want. Below you can find my Logstash conf file and the CSV files. Could anyone give some advice about what I am doing wrong? Thanks in advance.

input {
file {
path =>"/home/kibana/Downloads/scde1_report_MTSMS_2019-02-05.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}

	file {
            path =>"/home/kibana/Downloads/scde1_report_MTSMS_Throttling2019-01-23.csv"
            start_position => "beginning"
            sincedb_path => "/dev/null"
    }

}
filter {
if [path] == "/home/kibana/Downloads/scde1_report_MTSMS_2019-02-05.csv"
{
if ([message] =~ "\bDate\b") {
drop { }
} else {
csv {
separator => ","
columns => [ "Date","Hour","Avg_TPS","Avg_Top_1%_TPS","Avg_Top_10%_TPS","Avg_Proc","Avg_Top_1%_Proc","Avg_Top_10%_Proc" ]

    }	}
	}
	else if [path] == "/home/kibana/Downloads/scde1_report_MTSMS_Throttling2019-01-23.csv"
	{
	 if ([message] =~ "\bDate\b") {
    drop { }
} else {
    csv {
            separator => ","
            columns => [ "Date","Hour","Avg_TPS","Avg_Top_1%_TPS","Avg_Top_10%_TPS" ]

    }	}

}
mutate{

            add_field => {
                    "DateHour" => "%{Date} %{Hour}"
                    }
            convert => {
                    "Avg_TPS" => "float"
                    "Avg_Top_1%_TPS" => "float"
                    "Avg_Top_10%_TPS" => "float"
                    "Avg_Proc" => "float"
                    "Avg_Top_1%_Proc" => "float"
                    "Avg_Top_10%_Proc" => "float"
                    }
            }

date {
match => ["DateHour","YYYY-MM-dd HH ","ISO8601"]
timezone => "Europe/Athens"
target => "DateHour"
remove_field => ["message","path","host","Date","Hour"]
}

}
output {
elasticsearch{
hosts => "localhost:9200"
index => "report"
document_type => "MT_SMS"
}
stdout{}

}

Config for multiple files

input {
file {
path =>"/home/kibana/Downloads/*.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}

	file {
            path =>"/home/kibana/Downloads/*.csv"
            start_position => "beginning"
            sincedb_path => "/dev/null"
    }

}
filter {
if [path] == "/home/kibana/Downloads/*.csv"
{
if ([message] =~ "\bDate\b") {
drop { }
} else {
csv {
separator => ","
columns => [ "Date","Hour","Avg_TPS","Avg_Top_1%_TPS","Avg_Top_10%_TPS","Avg_Proc","Avg_Top_1%_Proc","Avg_Top_10%_Proc" ]

    }	}
	}
	else if [path] == "/home/kibana/Downloads/*.csv"
	{
	 if ([message] =~ "\bDate\b") {
    drop { }
} else {
    csv {
            separator => ","
            columns => [ "Date","Hour","Avg_TPS","Avg_Top_1%_TPS","Avg_Top_10%_TPS" ]

    }	}

}
mutate{

            add_field => {
                    "DateHour" => "%{Date} %{Hour}"
                    }
            convert => {
                    "Avg_TPS" => "float"
                    "Avg_Top_1%_TPS" => "float"
                    "Avg_Top_10%_TPS" => "float"
                    "Avg_Proc" => "float"
                    "Avg_Top_1%_Proc" => "float"
                    "Avg_Top_10%_Proc" => "float"
                    }
            }

date {
match => ["DateHour","YYYY-MM-dd HH ","ISO8601"]
timezone => "Europe/Athens"
target => "DateHour"
remove_field => ["message","path","host","Date","Hour"]
}

}
output {
elasticsearch{
hosts => "localhost:9200"
index => "report"
document_type => "MT_SMS"
}
stdout{}

}

Badger · February 21, 2019, 2:04pm

If I am reading it correctly you have

It is never going to go through the second branch.

Thodoris_Alexopoulos · February 21, 2019, 2:15pm

In the first case it is working because under /Downloads/ there is a specific name?

Badger · February 21, 2019, 2:26pm

Yes.

Thodoris_Alexopoulos · February 21, 2019, 2:29pm

Can you propose me any solution?

Badger · February 21, 2019, 2:42pm

You need to have a more specific pattern that only matches the files that have the format that the branch parses. If just the date changes then maybe something like

if [path] =~ /scde1_report_MTSMS_Throttling.*\.csv/ {
    [...]
else if [path] =~ /scde1_report_MTSMS.*\.csv/ {

system · March 21, 2019, 2:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use multiple csv files in logstash and filebeat Logstash	11	1633	June 10, 2020
Load multiple CSV to multiple index in a single conf file Logstash	2	778	March 24, 2020
Import of huge quantity of csv files in elasticsearch with logstash Logstash	9	2423	December 19, 2017
Conf files getting mixed when uploading Logstash	2	560	September 17, 2019
Import csv files to two different index Logstash	6	970	August 31, 2020

How to pass multiple csv files with different names and different content?

Related Topics