I'm using the exec output plugin and I want to send the output of the exec cmd to Elasticsearch.
My Logstash conf is as shown below:
input {
  file {
    path => "/log/sample.log"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{GREEDYDATA:myfilename}" }
  }
}
output {
  exec {
    command => "ls %{myfilename}"
    # this is just a sample cmd, but I want to pass the filename to the cmd and get the file details here
  }
  elasticsearch {
  }
}
Now, is there any way to send the exec cmd output to Elasticsearch?
No, I do not think so. It would be a very slow filter that would affect performance and also potentially dangerous from a security standpoint. What is it you are trying to achieve? What is the use-case?
The use case is: I'm parsing a log file, which only provides file_name and other details. Now I want to take this file_name and get the file_attributes of that file using a cmd, and then merge this info and create an index with file_name + file_attribute info.
Here is the flow
log file --> Logstash (extract file_name from log) --> pass this file_name to cmd and get file attributes --> index into Elasticsearch with filename + file attributes details
What would be the best way to achieve this?
Also note that I don't have permission to modify the log file where I could add file attributes along with file attributes.
I can not think of any filter that will allow you to do that out of the box. It may be possible to do it through a ruby plugin, but may also require a custom plugin.
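The ruby-filter route mentioned in the last reply, sketched as an added example (not code from the thread or from Elastic): a script for the Logstash ruby filter that reads attributes with `File.lstat` rather than a shell command, so the log-derived name is never parsed by a shell, and that only accepts files under one directory. The script path, the `allowed_root` parameter, the `file_attributes` field and the failure tag are assumptions.

```ruby
# Script for the Logstash ruby filter. Assumed wiring in the pipeline:
#   filter { ruby { path => "/etc/logstash/file_attrs.rb"
#                   script_params => { "allowed_root" => "/log" } } }
require "time"

# Called once at startup with script_params.
def register(params)
  @allowed_root = params["allowed_root"]
end

# Returns a hash of attributes for `name`, or nil when the name is not a
# usable string, the file does not exist, or it resolves outside `root`.
def file_attributes(name, root)
  return nil unless name.is_a?(String) && !name.empty? && !name.include?("\0")
  root_real = File.realpath(root)
  # realpath resolves ".." and symlinks, and raises if the file is missing.
  real = File.realpath(name, root_real)
  return nil unless real.start_with?(root_real + File::SEPARATOR)
  st = File.lstat(real)
  {
    "path"  => real,
    "type"  => st.ftype,
    "size"  => st.size,
    "mode"  => format("%04o", st.mode & 0o7777),
    "uid"   => st.uid,
    "gid"   => st.gid,
    "mtime" => st.mtime.utc.iso8601
  }
rescue SystemCallError
  nil
end

# Called by Logstash for every event; must return an array of events.
def filter(event)
  attrs = file_attributes(event.get("myfilename"), @allowed_root)
  if attrs
    event.set("file_attributes", attrs)
  else
    event.tag("_file_attributes_failed") # assumed tag name
  end
  [event]
end
```

With this in the filter stage, the plain elasticsearch output indexes the file name and its attributes in the same document, and the exec output is no longer needed.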