I want to use two grok statements for my log files. I have two different structures of logs in my folder. How would I do this if I want to match some log files to one of the groks and the rest to the other? These are the two grok statements.
filter {
  if [path] =~ "access" {
    mutate { replace => { "type" => "apache_access" } }
  }
  # Literal [ ] and ( ) must be escaped in a grok pattern, otherwise they are regex metacharacters
  grok {
    match => { 'message' => '%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[%{DATA:thread}\] %{NOTSPACE:browserinfo} \(%{GREEDYDATA:program}\) %{GREEDYDATA:message}' }
  }
  # Every grok field reference needs the leading %, i.e. %{TIMESTAMP_ISO8601:time}
  grok {
    match => { 'message' => '%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:severity} %{GREEDYDATA:some_data}' }
  }
}
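One way to route the two structures, as an added example (this is not the poster's configuration): put each grok inside a Logstash conditional on the file input's `path` field, so files whose path contains "access" get the first pattern and everything else falls into the `else` branch with the second. The "access" substring, the tag names and the sample lines in the comments are assumptions chosen for illustration.

```conf
filter {
  if [path] =~ "access" {
    # Constructed sample line for this branch:
    # 2024-05-01T10:00:00,123 INFO [main] Mozilla/5.0 (myapp) request served
    mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[%{DATA:thread}\] %{NOTSPACE:browserinfo} \(%{GREEDYDATA:program}\) %{GREEDYDATA:message}" }
      # The pattern captures into [message], which already holds the raw line;
      # without overwrite grok would turn [message] into an array of both values
      overwrite => ["message"]
      # Distinct failure tag per branch so unparsed events are easy to find
      tag_on_failure => ["_grokparsefailure_access"]
    }
  } else {
    # Constructed sample line for this branch:
    # 2024-05-01T10:00:01,456 WARN cache miss for key=abc
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:severity} %{GREEDYDATA:some_data}" }
      tag_on_failure => ["_grokparsefailure_other"]
    }
  }
}
```

Two things to check before relying on this: `path` is the field the file input sets on each event, so the condition only works for events read by that input (with ECS compatibility enabled in newer Logstash versions the field is `[log][file][path]` instead), and events that fail to match will carry the branch's failure tag rather than being silently dropped, which is what you want when hunting for log lines that do not fit either structure.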