Input from kafka to logstash

Harsha606 · June 7, 2019, 10:39am

Hi All,

my architecture is as below

filebeat -> kafka -> logstash -> elastic

from, filebeat i am successfully pushing logs to kafka, what i observed in kafka topic message is log":{"file":{"path":"/mnt/volume0/XXXX-v2-free-service/services/free-v-2-0-13/namesrv/logs/name-srv-express-info1.log"},"offset":4501449},"level":"info"}

now my question is, while considering kafka input to logstash, can i do a filter based on log":{"file":{"path": , why i need that is because, as you observe in the folder structure there is folder named free-v-2-0-13 , based on that name i need to add field called version and that folder name changes dynamically!!!
if this can be done, plz explain how....

any help would be really appreciated.

Harsha606 · June 12, 2019, 9:57am

can any one help me on this plz?

Badger · June 12, 2019, 1:56pm

Assuming you have valid JSON coming from kafka, you can use a json filter to parse it. Then you can use grok or dissect to extract the folder name from [log][file][path]

Harsha606 · June 13, 2019, 9:18am

thanks Badger.. it helped me lot!!!

Harsha606 · June 13, 2019, 9:20am

for someone, who is facing same issue, here is the solution for it..

filter {

grok {
match => { "[log][file][path]" => "/mnt/volume0/somename-v[0-9]-free-service/services/(?[^/]+)/" }
}
}

Topic		Replies	Views
Choose filter-kv or another from list for such type logs Logstash	2	308	July 16, 2019
Sending text log files using Logstash to Kafka Logstash	8	2518	August 1, 2018
Reading Data From Kafka and use filter json fails with ParserError Logstash	19	4463	July 5, 2018
Filebeat -> kafka - > logstash no output Logstash	3	1223	July 25, 2017
Reading beats fields from Kafka input Logstash	3	1194	March 27, 2017

Input from kafka to logstash

Related topics